
Tag Archives for " US "

Marriott attack adds urgency to calls for tougher privacy laws in US

Democratic senators are demanding tougher data privacy laws and bigger fines in the States for organisations that fall short in their duty to safeguard user data, the Inquirer reports.

The calls follow revelations of a hack suffered by the Marriott hotel chain that may have compromised the personal data of up to 500 million of the organisation’s customers.

Full article: Marriott attack adds urgency to calls for tougher privacy laws in US

New Law Could Give U.K. Unconstitutional Access to Americans’ Personal Data

This form of international data-sharing could put Americans’ privacy at risk and expose citizens to potential Fourth Amendment abuses, critics say. The possible agreement stems from the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, for which Justice Department officials have lobbied since 2016 and which President Donald Trump signed into law in March.

Full article: New Law Could Give U.K. Unconstitutional Access to Americans’ Personal Data, Human Rights Groups Warn

GDPR vs. CCPA

The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the California Consumer Privacy Act of 2018 (‘CCPA’) both aim to guarantee strong protection for individuals regarding their personal data and apply to businesses that collect, use, or share consumer data, whether the information was obtained online or offline.

As highlighted by the Guide, the two laws bear similarity in relation to their definition of certain terminology; the establishment of additional protections for individuals under 16 years of age; and the inclusion of rights to access personal information.

Full article: FPF and DataGuidance Comparison Guide: GDPR vs. CCPA

GDPR territorial guide has ‘sting in tail’ for US companies

Guidance published by an EU data protection watchdog on the territorial scope of the General Data Protection Regulation (GDPR) is likely to raise concern about the costs to US companies of entering the EU market.

“The sting in this document is in the last line for US corporates,” Ann Henry of Pinsent Masons said. “It is the law-abiding companies that will appoint a representative. Arguably making a representative liable will make it more difficult to find people or bodies willing to take on the role of representative given the extent of potential liability both by means of regulatory enforcement and through private rights of action under the GDPR regime.”

Full article: GDPR territorial guide has ‘sting in tail’ for US companies

The CLOUD Act and the Warrant Canaries That (Sometimes) Live There

The Clarifying Lawful Overseas Use of Data Act (Pub. L. No. 115-141 (2018)), or the CLOUD Act, was enacted in the U.S. on March 23, 2018, in response to difficulties U.S. law enforcement agencies (LEAs) had when attempting to gain access to data held by cloud service providers through Stored Communication Act (SCA) warrants, as the SCA did not contemplate cloud computing when it was enacted into law; likewise, LEAs were also forced to utilize U.S. Senate-approved mutual legal-assistance treaties (T.I.A.S. No. 10-201 or MLATs) or letters rogatory to access data stored overseas.

Full article: The CLOUD Act and the Warrant Canaries That (Sometimes) Live There

E-commerce is winning as most Americans now trust online business with their data

Despite conflicting opinions about online privacy, customers choose to shop with companies that take reasonable security precautions.

Most Americans are actually willing to shop online with retailers that previously faced a security breach, if they have taken measures to secure data, according to the report. With years of conflicting news about cybersecurity threats and breaches, users have almost become desensitized to the information, the report found.

Full article: Why e-commerce is winning: Most Americans now trust online retailers with their data – TechRepublic

FTC Gives Final Approval to Settlements in Privacy Shield Cases

The US Federal Trade Commission has given final approval to settlements with four companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework, which establishes a process to allow companies to transfer consumer data from European Union countries to the United States in compliance with EU law.

As part of the proposed settlements with the FTC, all four companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization, and must comply with FTC reporting requirements. In addition, VenPath and SmartStart must continue to apply the Privacy Shield protections to personal information they collected while participating in the program, protect it by another means authorized by the Privacy Shield framework, or return or delete the information within 10 days of the order.

Source: FTC Gives Final Approval to Settlements with Four Companies Related to EU-U.S. Privacy Shield | Federal Trade Commission

A leaky database of SMS text messages exposed password resets and 2FA codes

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.

Source: A leaky database of SMS text messages exposed password resets and two-factor codes | TechCrunch

Americans more concerned about data privacy than healthcare

Americans believe that companies should have a mission that goes beyond the money, one that has a positive impact on world hunger, job creation and education, according to the latest Harris Poll data. According to 65 percent of survey participants, data privacy is the most pressing issue.

Source: Americans more concerned about data privacy than healthcare, study says
