OneTrust founder and CEO Kabir Barday, CIPP/E, CIPP/US, CIPM, CIPT, FIP, was sued for allegedly making decisions without informing the company board of directors, the Atlanta Business Chronicle reports, citing court documents obtained by Law360.
The U.K. Financial Conduct Authority announced it would continue an initiative to provide synthetic data sets “to help increase innovation and choice in financial services,” Reuters reports.
U.S. citizens utilizing mental health applications often are putting their sensitive health data at risk, according to a : report published by Duke University’s Cyber Policy Program.
The California Privacy Protection Agency is accepting preliminary comments on proposed rulemaking on cybersecurity audits, risk assessments and automated decision-making under the California Privacy Rights Act. "Comments will assist the Agency in developing new regulations that implement the law in the most effective manner," the agency said.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, looks at the latest privacy developments in the nation's capital, including efforts to tackle what may be the "midlife of internet policymaking." Zweifel-Keegan said, "there is so much yet to tackle: from competition to censorship to CSAM to cybersecurity to, of course, data privacy and algorithmic harms." He explores discussions unfolding and potential solutions, and compromises, being offered.Full Story
The European Commission released the "European Digital Identity Wallet Architecture and Reference Framework." The document, part of the EU's toolbox toward implementing a European Digital Identity Framework, is intended to "provide all the specifications needed to develop an interoperable EUDI Wallet Solution based on common standards and practices" and will be "complemented and updated over time through the process of establishing the toolbox."
The renewal of portions of the Foreign Intelligence Surveillance Act set to expire at the end of 2023 is facing challenges as lawmakers say the program intrudes on Americans' privacy, The Wall Street Journal reports. U.S.
France's data protection authority, the Commission nationale de l'informatique et des libertés, published a study on the economic stakes of the Data Governance Act, set to enter into force Sept. 24.
The Saudi Data and Artificial Intelligence Authority launched the Data and Privacy Regulatory Sandbox offering guidance, consultations and expertise to "capitalize on the value of data" while "safeguarding consumers' personal data rights." The SDAIA said the sandbox aims to "encourage technological innovation in the fields of data and privacy" and ensure data privacy laws and regulations keep pace with "industry technical progre
As privacy compliance checks in litigation and regulatory enforcement become more comprehensive, one way to evaluate a company’s privacy program is through a penetrative test of its cybersecurity controls, Baker McKenzie’s Brian Hengesbaugh, Cristina Messerschmidt and Jerome Tomas write. A "pen" test includes identifying key elements of compliance in a company's privacy program to test, deciding what applications are “in-scope” of the exercise and reporting findings “in the form of privileged legal memorandums” that outline recommendations.