Security operations teams from large companies are grappling with upward of 51 “incidents” per day on average, reports InfoSecurity Magazine, citing a report from security vendor Trellix.
The U.K. Information Commissioner's Office announced a notice of intent to fine TikTok 27 million GBP for alleged U.K. data protection violations. The ICO's investigation found potential violations concerning nonconsensual processing of minors' data, unlawful processing of special category data and insufficient transparency. "I’ve been clear that our work to better protect children online involves working with organisations but will also involve enforcement action where necessary," U.K.
State Sen. Andrew Gounardes, D-N.Y., introduced a children's privacy bill to the New York Senate that mirrors the recently-passed California Age-Appropriate Design Code Act. Senate Bill 9563, the New York Child Data Privacy and Protection Act, covers minors age 17 and under and would require data protection impact assessments, privacy-by-default settings and limits on children's data practices.
The IAPP has closely tracked the very active U.S. comprehensive state privacy legislation landscape since 2018. To document the exponential growth, the IAPP Research and Insights team published a new tool breaking down the increased legislative work state lawmakers have put toward state-level privacy initiatives from 2018 through 2022 to provide historical context. The IAPP also tracks the status of U.S.
Australian Prime Minister Anthony Albanese vowed to tighten breach notification rules to banks after a cyberattack of Optus affected 10 million customers, Reuters reports. Albanese called the breach “a huge wakeup call” as nearly 40% of the country's population had their personally identifiable information stolen. Optus, owned by Singapore Telecoms, claimed the hacker’s IP address “appeared to move between countries in Europe,” but did not state how its system may have been breached.
The U.S. Federal Communications Commission approved a proposal that could allow for a crackdown on spam text messages, Axios reports. Commissioners voted 4-0 Sept.
In this week’s global legislative roundup, India’s Minister of State for Electronics and Information Technology gave an update on the redrafted Personal Data Protection Bill. The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs pushed for a review of the Irish Data Protection Commission’s enforcement actions. Denmark banned use of Google Analytics for U.S. data transfers.
In an interview with The Indian Express, Indian Minister of State for Electronics and Information Technology Rajeev Chandrasekhar discussed potential aspects of the country's reworked data protection bill.
A recent U.S. appellate court decision against an advertising technology company for an alleged Pennsylvania law violation has spurred other lawsuits against online companies, MediaPost reports. The U.S. Court of Appeals for the 3rd Circuit ruled adtech company NaviStone violated a Pennsylvania wire tapping law when it and a retailer allegedly used tracking tech that sends an email to “’anonymous’ web users” after the complainant visited a website.
European Parliament's Committee on Civil Liberties, Justice and Home Affairs recommended an independent review of the Irish Data Protection Commission's EU General Data Protection Regulation enforcement. The proposed review follows a visit by a delegation of LIBE members to Ireland for meetings with DPC staff and Big Tech platforms.