Notes from the IAPP, Jan. 24, 2020

(Jan 24, 2020) Greetings from Portsmouth, New Hampshire! Facial recognition was the big topic of privacy news this week, sparked in large part by an article Kashmir Hill wrote for The New York Times about startup company Clearview AI. The company developed an app that allows users to compare photos of an individual to a database that contains 3 billion images. The company obtained them by scraping public photos from a number of social media sites and websites, including Facebook, YouTube and Venmo. You can re... Read More

IAPP releases revised CCPA operational impacts e-book

(Jan 24, 2020) The California Consumer Privacy Act was conceived and born in record time — not exactly “two days,” as the story goes, but close — resulting in a comprehensive consumer privacy law that occasionally suffers from redundancy, drafting errors and lack of clarity. The IAPP's newly revised e-book, "Top 5 Operational Impacts of the California Consumer Privacy Act," is intended to help privacy professionals make operational sense of the law. The book, which is free in the IAPP store, helps decipher who... Read More

Sen. Markey asks Clearview about law enforcement's facial-recognition tech use

(Jan 24, 2020) U.S. Sen. Ed Markey, D-Mass., has asked Clearview AI for information about the law enforcement agencies that have used its facial-recognition technology, CNET reports. In a letter to Clearview CEO Hoan Ton-That, Markey also asked about any past breaches and whether its systems identify children under the age of 13. "Clearview's product appears to pose particularly chilling privacy risks, and I am deeply concerned that it is capable of fundamentally dismantling Americans' expectation that they ca... Read More

One-stop shop for CCPA information, resources

(Jan 24, 2020) While preparations for the California Consumer Privacy Act seemed like a heavy lift for privacy pros, the work doesn't get any easier with the law now in effect. The IAPP Resource Center can help alleviate compliance concerns. The Resource Center carries a whole section dedicated to CCPA content and tools that will help ease the burden on those working to comply with the law. Featured resources available include background information, official documents, analysis pieces and compliance aids.Full... Read More

Sen. Hassan proposes state cybersecurity coordinator bill

(Jan 24, 2020) U.S. Sen. Maggie Hassan, D-N.H., has introduced the Cybersecurity State Coordinator Act to Congress. The proposed legislation calls for the Senate Committee on Homeland Security & Governmental Affairs to appoint each state a federally funded coordinator to address cybersecurity threats. Besides growing instances of cyberattacks, the bipartisan bill notes "there is an urgent need for greater engagement and expertise from the federal government to help these entities build their resilience and... Read More

Op-ed: DNA collection at US borders risks future of privacy

(Jan 24, 2020) In an op-ed for The New York Times, Professors Daniel Morales, Natalie Ram and Jessica Roberts write about the potential for "dystopia" as the U.S. rolls out DNA collection for detained immigrants at ports of entry. The trio argues the government program "took a decisive step toward collecting and tracking" not only for immigrants, but also potentially U.S. citizens in the future. "Anonymity can be of real social value. Being able to stay unknown enables people to do important things," the autho... Read More

EHR CEO urges hospitals to oppose HHS data-sharing bill

(Jan 24, 2020) Electronic health record company Epic Systems is urging leaders of the country’s largest hospitals to oppose rules proposed by the U.S. Department of Health and Human Services that would make it easier to share patient information, CNBC reports. In an email to CEOs and presidents of hospital systems, Epic CEO Judy Faulkner asked recipients to sign a letter voicing opposition and stated concern that patients will "lose control of their confidential health information." Meanwhile, according to an ... Read More

A breakdown of proposed Va. privacy law

(Jan 23, 2020) Law firm Adams and Reese has generated an overview of the Virginia Privacy Act, which was introduced to the Virginia General Assembly Jan. 8. While comparing the VPA to the California Consumer Privacy Act, the law firm found the VPA's definition of "sale" aligns more with the definition in Nevada's privacy legislation. The VPA also differentiates itself with provisions that require data controllers to perform and track privacy risk assessments for every processing activity it conducts.Full Story... Read More

Marijuana data leak impacts 30K

(Jan 23, 2020) A database containing sensitive information belonging to 30,000 people linked to the medical and recreational marijuana industry has been compromised, ZDNet reports. On Dec. 24, 2019, vpnMentor’s research team identified an unsecured Amazon S3 bucket owned by THSuite, a point-of-sale system used in the marijuana industry. Patient and staff names, birthdates, addresses, medical ID numbers and purchase details were exposed. There could be consequences for the breach under the Health Insurance Port... Read More

US Supreme Court will not review Facebook BIPA case

(Jan 22, 2020) The U.S. Supreme Court will not review Facebook's case over alleged violations of the Illinois Biometric Information Privacy Act, The Hill reports. Facebook has been accused of using its photo-tagging feature to identify users' faces and suggest names without consent. Facebook argued the class-action lawsuit should not continue, as the users did not prove the privacy violations constituted "real-world harm." The court ultimately disagreed with the tech company. The U.S. Court of Appeals for the ... Read More