Partisan split on federal US privacy law hinders progress

(Feb 19, 2019) The Wall Street Journal reports U.S. lawmakers continue to be divided on what form a federal U.S. privacy law should take. The partisan split stems from Republicans who seek national rules to override state laws and Democrats who do not want a federal law to replace stronger legislation found on the state level. “The fact that — even after many hearings last year on the misuse of personal data — not one consensus bill has been introduced is telling,” Georgetown Law Institute for Technology and P... Read More

Report looks at China's biotech development in the US

(Feb 19, 2019) A recent report from the U.S.-China Economic and Security Review Commission examines China’s biotechnology development, HealthITSecurity reports. Among the key findings, the report notes the Chinese government has identified health care–related data as important to the development of biotech and made its collection a national priority. The report notes, “Chinese biotechnology companies are acquiring technologies crucial to advancement in the field as well as amassing large collections of clinica... Read More

Potential privacy issues found in 2010 census data

(Feb 19, 2019) According to a top agency official at the U.S. Census Bureau, an internal team found that basic personal information for 138 million Americans could be reconstructed from encrypted 2010 census data, NBC News reports. Compromised data included age, gender, location, race and ethnicity but was only discovered through internal hacking efforts. The discovery has raised concern over the Trump administration’s attempt to add a citizenship question to the 2020 census. The agency plans to use a form of ... Read More

Roundup: Kenya, Canada, EU, US and more

(Feb 19, 2019) In this week's Privacy Tracker global legislative roundup, read about Kenya's recently amended national ID law that will require citizens, immigrants and refugees to share their DNA, GPS coordinates and various biometric data before receiving identification documents. The Romanian Presidency of the Council of Europe has released amended text for the proposed ePrivacy Regulation. The Supreme Court of Canada found that students had a reasonable expectation of privacy, even if the school employs se... Read More

Global News Roundup — Feb. 12–19, 2019

(Feb 19, 2019) In this week's Privacy Tracker global legislative roundup, read about Kenya's recently amended national ID law that will require citizens, immigrants and refugees to share their DNA, GPS coordinates and various biometric data before receiving identification documents. The Romanian Presidency of the Council of Europe has released amended text for the proposed ePrivacy Regulation. The Supreme Court of Canada found that students had a reasonable expectation of privacy, even if the school employs se... Read More

Notes from the IAPP Editorial Director, Feb. 15, 2019

(Feb 15, 2019) Greetings from Portsmouth, New Hampshire! This was a busy week for U.S.-based privacy news, so I'll cut to the chase. Both at the state and federal levels, new privacy laws are being considered or tweaked, as is the case of the California Consumer Privacy Act. On the state level and in part borrowing from the CCPA, Massachusetts state Sen. Cynthia Creem introduced new data privacy legislation that includes a consumer private right of action if their personal or biometric data is improperly coll... Read More

FTC negotiating multibillion-dollar fine with Facebook over privacy practices

(Feb 15, 2019) The U.S. Federal Trade Commission has entered negotiations with Facebook over a potential multibillion-dollar fine to settle the agency’s probe into the tech company’s privacy practices, The Washington Post reports. A pair of individuals close to the inquiry said Facebook has expressed concerns with the demands made by the FTC. While the two sides have not agreed on a total for the penalty, it is expected to be the largest fine ever administered by the agency. Facebook confirmed it has entered d... Read More

Wendy's to pay $50M to settle data breach lawsuit

(Feb 15, 2019) Reuters reports Wendy’s has agreed to pay $50 million to resolve a lawsuit tied to its 2015 data breach. The lawsuit was brought forward by financial institutions that allege the restaurant chain’s negligence allowed malicious actors to steal payment card information. The $50 million settlement will be distributed to 7,500 banks and credit unions that had to issue 18 million payment cards compromised in the incident. The settlement will be finalized after it receives court approval.Full Story... Read More

Student discovers vulnerability in Stanford's data management system

(Feb 15, 2019) A vulnerability in a third-party content management system used by Stanford University allowed students to view the Common Applications and high school transcripts of other Stanford students, The Stanford Daily reports. After requesting to view their own admission documents under the Family Educational Rights and Privacy Act, students were then able to access the sensitive personal information of others. Between Jan. 28 and 29, a student accessed 81 records while determining the scope of the vul... Read More

Hacker steals 127M records

(Feb 15, 2019) After stealing close to 620 million user records from 16 websites last year, the same hacker is reported to have stolen another 127 million records from eight websites, TechCrunch reports. Dating site Coffee Meets Bagel announced its user data was involved in the breach but reminded users that no financial information or passwords were stored. In an email to users, the company said, “As always, we recommend you take extra caution against any unsolicited communications that ask you for your perso... Read More