Privacy Commissioner of New Zealand Michael Webster discussed protections against breaches of privacy stemming from unnecessary access to employee data. Webster said such violations are one of the least understood or reported breaches under the Privacy Act because they are typically seen as harmless, but can lead to instances of harassment by malicious actors.Full story
U.K. Secretary of State for Science, Innovation and Technology Peter Kyle told the Office of Communications it must put the Online Safety Act into practice as soon as possible to ensure online companies are providing safe products for consumers.
To better enhance the security of sensitive personal information stored by a company, privacy professionals should have an understanding of how "not only structured query language," or NoSQL, databases function, former U.S. government privacy officer Todd Walls, CIPP/G, writes. He provides an overview of NoSQL databases while outlining risks and mitigation strategies around potential "injection attacks."Full story
Reuters reports lawsuits from several U.S. states arguing Meta failed to protect children from social media-induced mental harms can go forward after the U.S. District Court for the Northern District of California rejected a dismissal request. Other social media companies must also face personal injury lawsuits from individual plaintiffs not party to the states' lawsuits, the court ruled.Full story
The Data Protection Authority of Sri Lanka is asking stakeholders to weigh in on draft regulations regarding the criteria and requirements for data protection officer appointments by a data controller or processor. Feedback will be accepted until 15 Nov.Full story
The Future of Privacy Forum released a report outlining risks associated with AI-generated content and policymakers' steps toward navigating these challenges. Immersive Technologies Senior Policy Analyst Jameson Spivack said, while regulators have addressed some AI concerns, many efforts are "limited in its reach and implicates a number of tradeoffs that policymakers should address going forward."Full story
DNA testing company Nebula Genomics is facing a class-action lawsuit after it was accused of violating Illinois' Genetic Information Privacy Act, Reuters reports. The lawsuit claimed the company shared consumer information, including purchases, with third-party advertising tools without users' consent.Full story
Nigeria's Data Protection Commission extended the registration deadline for data controllers and processors to 31 Oct. Data controllers and processors of major importance must not engage with noncompliant data controllers that fail to register with the DPC.Full story
Google will implement a data retention policy that limits access to data after 11 years, including information stored in Google's advertising services. The policy aims to limit data collection, however, "advertisers may identify a difference in reporting due to different values being returned."Full story
The U.S. Federal Trade Commission's proposed data breach settlement with Marriott-Starwood hotels "contains what appears to be the commission's first-ever 'right to be forgotten' requirement in a cybersecurity enforcement action, IAPP Cybersecurity Law Center Director Jim Dempsey writes. He said the settlement "adds something new" with the FTC requiring the company to provide customers with a link to request the deletion of their personal data.Full story