The hack of Uber should serve as a warning sign that current market incentives do not prioritize cybersecurity, author and security technologist Bruce Schneier writes for The New York Times.
The U.S. Government Accountability Office published a report examining the status of privacy leadership within 24 government agencies. The GAO found each agency has a designated privacy official, but those individuals "may have numerous other duties and may not bring a needed focus on privacy." The report goes on to recommend U.S. Congress draft legislation to require the appointment of privacy-focused personnel. Meanwhile, members of U.S.
TechCrunch reports Indian Parliament published the draft Telecommunication Bill 2022, which aims to regulate digital communications. The bill allows the government to view all online communications in cases of perceived national security or public safety concerns while giving agencies immunity from potential lawsuits stemming from such intervention. The legislation also addresses spam messages, proposing consent requirements and a "Do Not Disturb" registry.
Two class-action lawsuits have been filed against Meta on behalf of Apple iOS users for allegedly bypassing their privacy preferences, Ars Technica reports. The lawsuits are based on the research conducted by former Google engineer Felix Krause, who alleges Meta sought to recoup lost advertising revenue by inserting a tracking code on external websites their users visited while using the in-application browser for Facebook or Instagram.
Several branches of the U.S. military purchased an internet monitoring tool that purportedly covers 90% of global internet traffic, according to contracting data reviewed by Vice. The monitoring tool, Augury, made by cybersecurity company Team Cymru, is “powered by data purchases from the private sector.” Augury combines large amounts of data that is packaged for government and corporate customers that have purchased the service.
Hush, a digital privacy firm, announced it received $4 million in seed funding, Martech Series reports. The company’s service utilizes “advanced (artificial intelligence) technology (that) protects members’ full digital footprint and highlights vulnerabilities,” which could assist customers in being proactive to address cybersecurity problems.
Multiple mobile health applications “share (user) information with a broad collection of advertisers,” according to an investigation conducted by The Washington Post. While data most apps share does not directly identify users, they typically use a sequence of numbers, or identifiers, linked to a user’s device, the investigation found. The app makers generally argued sharing a keyword search by a user is not equivalent to disclosing their health concerns. However, privacy advocates warned selling user identifiers and keyword searches “opens consumers to unnecessary risk,” because the U.S.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, breaks down the latest privacy happenings from the U.S. capital, including a call for focus on purpose specification principles over much-discussed data minimization. Also, notes on happenings concerning the U.S. Federal Trade Commission, Meta and the metaverse.Full Story
Quebec’s data protection authority, Le Commission d’accès à l’information du Quebec, announced certain business requirements under Bill 64, which updates the province's private sector privacy law, have taken effect. The new obligations include privacy officer appointments, mandatory breach notification, biometric information system registration and user consent exceptions. Additional requirements will take force in 2023 and 2024.