Senate committee calls for privacy law updates in response to Statistics Canada plan

(Dec 14, 2018) The Senate Committee on Banking, Trade and Commerce urges the federal government to update privacy legislation in response to Statistics Canada’s plan to obtain the financial information of 500,000 citizens, Global News reports. The committee’s report states the Canadian government should modernize the Privacy Act and the Personal Information Protection and Electronic Documents Act in order to bring Canada’s law closer to global legislation, such as the EU General Data Protection Regulation. “Ca... Read More

Survey: Majority of citizens favor federal US privacy law

(Dec 13, 2018) An online survey conducted by Arm Treasure Data found 72 percent of citizens are in favor of a federal U.S. privacy law, Multichannel Merchant reports. While the majority of the 600 individuals surveyed are in favor of a federal privacy law, most respondents have not asked companies to delete any personal data they may hold and do not plan to do so in the future. Only 15.1 percent asked a company to delete their data, and another 8.5 percent considered asking. Respondents also believe tech compa... Read More

MIT researchers develop algorithm to identify people in anonymized data sets

(Dec 11, 2018) A study published in “IEEE Transactions on Big Data” revealed how researchers were able to identify individuals from anonymized data sets produced within a city, Fast Company reports. The researchers took two data sets from Singapore that only had the time and place of each data point. The group from the MIT Senseable City Lab used an algorithm to match the users whose data was seen in both sets. Over the course of 11 weeks, the algorithm was able to match data subjects with a 95 percent accurac... Read More

New report compares GDPR to CCPA

(Dec 11, 2018) A report from the Future of Privacy Forum and DataGuidance provides a comparison of the EU General Data Protection Regulation and the California Consumer Privacy Act of 2018. “Comparing privacy laws: GDPR v. CCPA” highlights how the two differ in scope of applicability, collection limitations and accountability while also showing the similarities, including definitions, protections for minors under 16, and the inclusion of rights to access personal information. DataGuidance CEO David Longford sa... Read More

AI, machine learning, data privacy, blockchain top of mind for platforms

(Dec 11, 2018) Following the MIT Initiative on the Digital Economy’s 2018 Platform Strategy Summit, a 28-page conference report summarizes highlights and key takeaways from speakers. The report notes top issues for platforms included implications of artificial intelligence, machine learning, blockchain-enabled technologies, data privacy and emerging regulations. It also pointed to the competition for tech talent, the economic impact of digital platforms, and new opportunities as trends to watch. Speakers from ... Read More

Congressional report says Equifax breach was 'preventable'

(Dec 10, 2018) The U.S. House Oversight Committee released a report Monday on last year's data breach of Equifax, saying the incident was "entirely preventable" and that the company mishandled its response, according to Politico. "Equifax failed to fully appreciate and mitigate its cybersecurity risks," the Congressional report states. Two factors led to the breach: The company's structure allowed gaps between IT policy development and operations, and the company grew too fast, creating a series of legacy syst... Read More

Report finds 29 percent of EU organizations considered compliant with GDPR

(Dec 7, 2018) A report from IT Governance found that six months after the implementation of the EU General Data Protection Regulation, only 29 percent considered themselves compliant, TechRepublic reports. The report surveyed 210 firms across industries in the EU, finding that while nearly 60 percent were aware of data subject access requests, only 29 percent had plans to operationalize the change. The report also found that 61 percent of organizations said basic controls were in place to address data securit... Read More

Study: Canada's data breach rule may hurt SMBs

(Dec 7, 2018) A study from commercial insurer Aon examined the effects Canada’s new data breach notification law could have on small- and medium-sized businesses, the Canadian Underwriter reports. The study states those businesses may have to pay “crippling compliance costs,” as well as monitor the actions of third parties. “For organizations without appropriate cyber liability cover in place, responding to such a breach could be financially crippling,” the study finds. Aon recommends any small- or medium-siz... Read More

Dutch government commissioned DPIA on Microsoft Office ProPlus

(Dec 6, 2018) Privacy Company released the results of a data protection impact assessment commissioned by the Dutch government on Microsoft Office ProPlus. The DPIA was done to "help the individual government organisations map and assess the data protection risks for data subjects caused by this data processing, and to ensure adequate safeguards to prevent or at least mitigate these risks." The report covers descriptions of Office’s diagnostic data processing and the lawfulness of those activities. The DPIA a... Read More

Privacy Risk Study: Year 3

(Dec 6, 2018) Understanding risk is vital to the operation of a mature privacy program. Many privacy laws around the world, including the EU General Data Protection Regulation, are essentially exercises in risk assessment. What is the appropriate protection and policy, privacy pros are constantly asked, for a given data set? The answer to this question demands risk assessment. Luckily, because the U.S. Securities and Exchange Commission requires most publicly traded companies to annually disclose potential ri... Read More