Roundup: Kenya, Israel, India, US and more

(Aug 20, 2018) In this week’s Privacy Tracker legislative roundup, read about a recent proposal in Australia that would require encrypted data to be shared with law enforcement if deemed relevant to an investigation. India’s government seeks comments on its draft data protection bill. In Kenya, the ICT Ministry has drafted a law that would create safeguards for how personal data is handled. In Israel, a new enforcement system designed to examine the implementation of the country’s privacy laws was announced. A... Read More

Can New York's cybersecurity rules work on a federal level?

(Aug 20, 2018) As the third phase of New York’s Cybersecurity Requirements for Financial Services Companies is set to begin, professionals are pondering whether the cybersecurity requirements could be used as the basis for federal rules, American Banker reports. On Sept. 4, banks will be required to encrypt nonpublic data and start “audit trails” to manage the fallout from data breaches. Ballard Spahr Co-Practice Leader of its Privacy and Data Security Group Edward McAndrew said the regulation from the New Yor... Read More

EPIC alleges Google violated 2011 FTC settlement

(Aug 20, 2018) The Electronic Privacy Information Center has sent a letter to the U.S. Federal Trade Commission alleging Google violated the terms of its 2011 settlement for tracking location data without consent, The Associated Press reports. The advocacy group pushed the FTC to examine Google’s data practices, which ultimately led to the 2011 settlement in which the tech company agreed to no longer misrepresent the amount of control users have over their data. Meanwhile, Google is facing a class-action lawsu... Read More

Another employer accused of violating Illinois BIPA

(Aug 20, 2018) An employer has been accused of violating the Illinois Biometric Information Privacy Act, Cook County Record reports. Hegewisch Development Corp. allegedly failed to inform its employees on the reasons why their fingerprints had been collected and the length of time the information was to be stored. The plaintiffs also alleged the company shared the biometric information with third parties and failed to schedule a time to destroy the data. The case against Hegewisch comes after another lawsuit w... Read More

DHS kicks off second phase of facial recognition for international travelers

(Aug 20, 2018) The U.S. Department of Homeland Security is starting the next phase of its facial-recognition partnership with the Customs and Border Patrol and Transportation Security Administration aimed to identify international travelers, FedScoop reports. The Traveler Verification Service’s second phase will have the CBP and TSA collect previously acquired images of passengers traveling on specific international flights and match them up against pictures taken at TSA checkpoints. DHS released its privacy i... Read More

DOJ asks Facebook to bypass Messenger encryption for investigation

(Aug 20, 2018) Facebook has received a request from the U.S. Department of Justice asking the tech company to bypass the encryption in its Messenger app for a law enforcement investigation, Reuters reports. A San Francisco federal court judge heard arguments in the case as the DOJ seeks the voice conversations of a suspect with alleged ties to the MS-13 gang. Facebook is reportedly contesting the agency’s demand, according to three individuals briefed on the case. Meanwhile, Facebook is saying users suing over... Read More

GAO comptroller general: 'Urgent actions' needed to protect privacy, cybersecurity

(Aug 20, 2018) In a column for The Hill, Government Accountability Office Comptroller General Gene Dodaro says the agency has made more than 3,000 recommendations since 2010 to agencies "aimed at addressing cybersecurity shortcomings in each of these action areas. However, as of this month, about 1,000 have not been implemented." He warns that urgent actions are needed to protect critical infrastructure and the privacy of the American people. The GAO has "identified a range of critical cyber challenges facing ... Read More

Personal data of 417K affected in university breach

(Aug 20, 2018) A data breach affecting email accounts at Augusta University Health may have compromised the sensitive health information of approximately 417,000 individuals, including patients, AJC reports. Compromised data includes patient names, addresses, diagnoses, medications, lab results, birth dates, medical record numbers, surgical information, dates of service, and other insurance information. Social Security numbers and driver's license data may have also been affected "for a small percentage of ind... Read More