CISA director urges multifactor authentication adoption
U.S. Cybersecurity and Infrastructure Security Agency Director Jen Easterly called on organizations to push their users to adopt multifactor authentication, GovInfoSecurity reports.
Discover the latest industry insights and developments with our News from Around the Web page. We curate feeds from a variety of reputable organizations, bringing you a comprehensive overview of relevant news and trends. Stay informed and connected with the most current updates from across the web.
Judge grants 'summary judgment' for Amazon, Microsoft in BIPA cases
Amazon and Microsoft were granted summary judgment in a federal lawsuit that alleged its use of IBM’s Diversity in Faces Dataset violated the Illinois Biometric Information Privacy Act, Biometric Update reports. The complaint against the companies alleged the Diversity in Faces Dataset contained biometric data obtained without the permission of two Illinois residents.
Cybersecurity startup receives investment funds to stop human error in breaches
A London-based cybersecurity startup hopes to take human error out of data breaches, Reuters reports. OutThink announced it raised $10 million in early-stage investments, primarily bankrolled by venture capital firm AlbionVC.
Class-action lawsuit would see California residents obtain enhanced damages
A U.S. District Court magistrate recently recommended a sub-class of California residents in a class-action data breach lawsuit receive enhanced damages over other members, Reuters reports. The magistrate ruled the California Consumer Privacy Act allows that victims of breaches could receive compensation of $100 to $750, but victims in other states may only be eligible to receive “incidental” damages. As a result, California class members in the data breach lawsuit against Dickey’s Barbeque Restaurants may receive $100 each, double what non-California residents may get.
Op-ed: 'Unregulated data economy' will weaponize abortion data
The U.S. Supreme Court decision to overturn Roe v. Wade resulted in data brokers becoming key cogs in some states’ efforts to criminalize reproductive health care, Duke University graduate Joanne Kim and undergrad student Aden Klein write in the Technology Policy Press. They said that beyond personal data obtained from period tracker health applications, data brokers “have already been outed for selling data on pregnant women and abortion-relation information.” Both writers previously worked on Duke’s data brokerage research project.
Remembering David Flaherty
Peers described David Flaherty, British Columbia’s first information and privacy commissioner, as a leader in the field who was ahead of his time and paved the way for what it has become today. Flaherty, who served as an assistant to privacy scholar Alan F. Westin at Columbia University in 1964 and became a renowned scholar in his own right, died last week.
Tracking EU-US Data Privacy Framework developments
The EU and the U.S. continue to make progress toward a finalized agreement on trans-Atlantic data flows. The IAPP Resource Center has a topic page dedicated to keeping privacy professionals apprised of the latest developments related to the EU-U.S. Data Privacy Framework. The page will be updated on a rolling basis with guidance, analysis and resources covering obligations and commitments under the proposed framework.
MEPs criticize proposed EU-US Data Privacy Framework
German members of European Parliament came out against strength of measures included in the U.S. executive order to stand up the EU-U.S. Data Privacy Framework, Netzpolitik reports. MEP Birgit Sippel said the new measures are a sign of progress to address national security issues previously cited by the Court of Justice of the European Union, but "further legislative measures in the (U.S.)" will be necessary.
Japan's PIPC introduces data mapping toolkit
Japan's data protection authority, the Personal Information Protection Commission, released a data mapping toolkit for private entities. The PIPC said the new resource is aimed at "organizing the data handled by the business as a whole and visualizing the handling situation." The regulator indicated the toolkit was created in response to increased data handling among organizations and the "increasing need to properly manage that data."Full Story
Canadian ad group updates interest-based advertising principles
The Digital Advertising Alliance of Canada announced changes to compliance principles for its AdChoices self-regulatory program for interest-based advertising. The updates include adoption of interest-based advertising terming versus behavioral advertising, a "plain language notice" concept, and notice requirements when using a consent management provider. Multiple Canadian privacy laws and the proposed Bill C-27, the Digital Charter Implementation Act of 2022, were reviewed to formulate the updates.