NIST provides guidance on how to bridge privacy, cyber-security processes
NIST’s new Privacy Framework offers much-needed guidance to help companies align their data privacy and cyber-security risk management practices.
Sen. Wyden introduces ‘strongest-ever’ privacy bill
Sen. Ron Wyden (D-Ore.) has introduced an updated version of his previously drafted data privacy bill that threatens jail time for executives at corporations that misuse Americans’ data.
White paper: Mitigate privacy risks and exploit valuable data
The new California Consumer Privacy Act (CCPA) takes effect on January 1, 2020. Ahead of this milestone – and with several States working on new data management regulations – many financial services organizations are concerned with the risks of non-compliance.
California governor gives nod of approval to 7 CCPA amendments
Amendments to the California Consumer Privacy Act add clarity, offer a BTB communication reprieve to businesses, and ensure consumers have a method for submitting more information requests.
California AG’s proposed CCPA regs leave more questions than answers
Companies subject to the California Consumer Privacy Act requirements now have 24 pages of direction on how to comply with the new law. But will that be enough?
Libra Association soldiers on after PayPal withdraws
PayPal leaving Facebook’s Libra project is just a bump in the road in the drive toward developing a global digital currency payments network, a Libra Association spokesperson says.
CCPA compliance costs projected to reach $55B
An economic impact assessment of California’s upcoming privacy law forecasts short-term disadvantages for smaller companies and emerging markets around compliance solutions and data-based product initiatives.
Webcast: Managing cookies for GDPR, CCPA compliance
As consumers’ awareness of the use of cookies and similar tracking technologies has begun to soar, global lawmakers and regulators have taken a keen interest in how companies are using website and mobile tracking – particularly in the area of consent. This has evidenced itself through enforcement actions, new EU ...
Facebook suspends apps over privacy concerns
Facebook announced it has suspended “tens of thousands” of apps as part of an investigation launched in the aftermath of last year’s Cambridge Analytica scandal.
Facebook’s Zuckerberg schmoozes with Trump, lawmakers
Facebook CEO Mark Zuckerberg met with about a half dozen senators at a dinner this week before visiting the White House to meet with President Trump. The key focus of the visit: discussing the future of internet regulation.
Ecuador to expedite privacy law following massive breach
The Ecuadorian government has given itself 72 hours to finish drafting a national privacy law following a massive data breach that put the personal information of perhaps its entire population at risk.
Last-minute CCPA changes strike business-friendly tone
Recently approved tweaks to California’s upcoming privacy law don’t change the fact compliance prep should already be well underway, experts say.
Survey highlights pain points of GDPR implementation
Most organizations failed to meet the May 2018 deadline to comply with the launch of the EU’s tough new privacy rules, and the majority of them still find compliance a challenge, according to a recent survey.
Vestager keeps competition role in new Commission
Margrethe Vestager is staying put as Europe’s leader in the fight against anti-competitive practices, with a continued focus on Big Tech.
Amazon's Bezos among 51 CEOs calling for national data privacy law
CEOs from 51 different companies, including Amazon, Walmart, and Salesforce, have sent a letter to congressional leaders urging the passing of a comprehensive consumer data privacy law.
European Commission still gunning for Big Tech
Coming on the heels of big enforcement actions against Google, Apple, Facebook, and Amazon, the European Commission is vowing to keep fighting against technology giants profiting at others’ expense.
Compliance lessons from the Google/Uber trade secrets mess
A federal grand jury’s indictment of Anthony Scott Levandowski for allegedly stealing trade secrets from Google may be a wake-up call to protect intellectual property more aggressively.
Google, YouTube reach $170M ‘groundbreaking’ settlement for violating children’s privacy
Google and its subsidiary YouTube will pay $170 million to settle allegations that the video-sharing service illegally collected personal information from children without their parents’ consent.
Microsoft facing GDPR probe in Ireland
The Dutch Data Protection Agency has referred Microsoft to its home EU regulator in Ireland regarding new privacy concerns with its Windows 10 operating system.
Mastercard reveals data breaches in third-party loyalty program
Mastercard is investigating two data breaches relating to a loyalty program it ran in Germany following a leak of personal information that saw customers’ names, addresses, and credit card numbers circulating on the internet.
Greek parliament approves implementation of EU data law
Lawmakers in Greece voted to approve the implementation of partner legislation to the GDPR into national law, one month after being threatened with fines by the European Commission.
European Data Protection Supervisor head Giovanni Buttarelli passes away
European Data Protection Supervisor Giovanni Buttarelli has passed away, his office announced in a statement Wednesday. He was 62.
ICO investigating facial recognition technology in key London district
Concerns abound over whether or not using facial recognition technology violates consumer privacy.
Alexa isn’t sure if she cares about my privacy (and neither am I)
I lose no sleep over how much of my data privacy I potentially sacrifice in my daily life, and neither do most of us—deep down.
European Central Bank announces data breach
The European Central Bank announced unauthorized parties breached the security measures protecting its Banks’ Integrated Reporting Dictionary (BIRD) Website, which is hosted by an external provider.
Capital One hacker may have targeted dozens more
It appears Capital One may be just one in a long list of companies and organizations to be victimized by what now appears to be the inner workings of a serial hacker, in what the Department of Justice is calling one of “the largest cyber intrusions and data thefts in ...
Data privacy vs. national security: Moving the conversation forward
Data privacy compliance and national security seem to be in opposition—with one coming at the expense of the other. It’s time to instead focus the conversation on identifying opportunities for the private sector and government to collaborate.
How GDPR, CCPA impact healthcare compliance
While most healthcare organizations have pretty much nailed down their data privacy requirements for HIPAA and HITECH, new privacy mandates under the GDPR and CCPA could throw a wrench into the system.
Facebook loses appeal, faces costly privacy class action
The ruling of a federal appeals court has Facebook once again at risk of facing fines north of $1 billion for alleged misuse of users’ biometric data.
Facebook, Libra questioned by global data leaders
Data privacy leaders from the United States, United Kingdom, European Union, and Canada are among a group to come together and voice their concerns over Facebook’s planned venture into the cryptocurrency space with Libra.
White paper: Workforce Optimization and Data Privacy Compliance
With at least five regulations already in place and the California Consumer Privacy Act (CCPA) on the horizon, it is time to start thinking ahead to ensure your organization can meet many different compliance requirements.
Capital One announces massive data breach
Capital One Financial announced a hacker obtained the personal information of approximately 100 million individuals in the United States and approximately six million individuals in Canada.
EU assessment: GDPR showing results, but ‘work needs to continue’
The EU’s tough new data rules are “bearing fruit,” but some member states have still not put GDPR into law, and only 20 percent of EU citizens seem aware of which public authority is responsible for protecting their personal information.
Facebook settlement was barely worth waiting for
The compliance aspects of what will be expected of Facebook going forward were fair enough, but a lack of personal liability has us questioning the settlement.
The Facebook Effect: ‘Price of privacy violations just went up’
The FTC hit Facebook with a ground-breaking $5 billion penalty for privacy violations, but the bigger takeaway for CCOs is the unprecedented new privacy and corporate governance obligations the company must implement.
Facebook to pay $100M for misleading disclosures
In addition to its record-breaking FTC fine, Facebook on Wednesday reached a $100 million settlement with the SEC for making misleading disclosures regarding the risk of misuse of its user data.
Lesson from Equifax penalty (at least $575M): Breach ‘entirely preventable’
What resulted in the largest-ever breach of consumer data culminated in the largest data breach enforcement action in history.
What we can learn from the biggest GDPR fines so far
Recent record-breaking fines for GDPR violations levied on British Airways and Marriott by the U.K. Information Commissioner’s Office offer a glimpse into what GDPR enforcement might look like going forward and serve up a warning to companies that data privacy protocols must be foolproof.
All eyes on how Ireland will handle Big Tech and GDPR
Ireland—home EU regulator to Big Tech firms including Google, Twitter, and Facebook—is the key country not to have issued a GDPR-related fine yet, though the regulator has said it has started at least 19 inquiries into the sector.
GDPR enforcement varies widely by country
Most EU countries have now issued fines under the GDPR. Determining which are the toughest enforcers depends on one’s viewpoint—we lay out country-by-country look at the enforcement trends to date.
Congress, Treasury take swings at Facebook’s Libra plan
A plan by Facebook to enter the world of virtual currency is attracting predictable skepticism in Washington. It could also expedite the slow emergence of national data protection laws.
FTC looks worryingly timid in staying silent on Facebook
The FTC, by dragging its feet and keeping silent on a massive Facebook fine, raises concerns about its potential role as top cop on the data privacy beat.
After another arrogant move, Facebook needs to be put in check
The social media company is hardly quiet about its crypto initiative, but nevertheless failed to see the materiality of creating a global payments system.
Fed Chair urges caution with Facebook virtual currency venture
Count Federal Reserve Chairman Jerome Powell and several members of Congress as concerned observers of Facebook’s planned foray into the world of virtual currency.
Marriott reveals $124M GDPR fine for data breach
Marriott has disclosed in a filing with the SEC that the U.K.’s Information Commissioner’s Office intends to fine it roughly £99 million (U.S. $124 million) for infringements of the EU’s GDPR.
U.K.'s CMA mulls new regulator to tackle Big Tech
The CMA, U.K.’s competition watchdog, explores whether a separate regulator is needed to oversee leading digital firms that have become “data monopolies” that stifle competition.
British Airways faces record-setting GDPR fine of $230 million
British Airways was hit Monday with the largest penalty to date under the EU’s GDPR, a £183.39m (U.S. $230 million) fine stemming from the compromised data of nearly 500,000 customers.
FTC expands scope of data security compliance requirements
The FTC is turning up the heat on the data security compliance requirements companies must meet in the event of an enforcement action following a data breach.
Facebook exec echoes calls for regulation
One of Facebook’s top executives added his voice to the growing movement among technology firms that the sector cannot police the internet on its own.
Vote: Would you give up social media use for lifetime data privacy?
Would you give up social media for life in order to guarantee a lifetime of data privacy? According to a study by global cyber-security company Kaspersky, nearly 4 in 10 (38 percent) consumers would.