The technology provider of the Oklahoma Student Loan Authority suffered a data breach that exposed personally identifiable information of more than 2.5 million people, Bleeping Computer reports. Nelnet Servicing was targeted by hackers in June and “likely” compromised the company network and remained on its systems until July 22. Nelnet provides technology services to OSLA and EdFinancial, a student loan institution.
The $1.2 million California Consumer Privacy Act fine against retailer Sephora put businesses on notice that the California attorney general's office stands ready to crack down on data mishandling. The first-ever enforcement action under the CCPA also shows the attorney general's interpretation of the law, particularly as it relates to data sales and consumer opt-outs.
Hong Kong’s Office of the Privacy Commissioner for Personal Data reminded covered entities to begin complying with the Cyberspace Administration of China's Security Assessment Measures on Cross-border Transfers of Data, which took effect Sept. 1. Hong Kong-based companies doing business in mainland China may be required to report their security reviews on transfers to the CAC if they meet certain coverage thresholds.
The Dutch Ministry of Justice and Security's Scientific Research and Documentation Center published a review of the implementation of the EU General Data Protection Regulation in the Netherlands. The government-backed study explored 16 questions related to enforcement policies of the Dutch data protection authority, Autoriteit Persoonsgegevens.
The U.K. Information Commissioner’s Office published draft guidance for anonymization, pseudonymization and privacy-enhancing technologies. The guidance is intended to serve data protection officers working in large organizations. According to the draft guidance, PETs “help you demonstrate a ‘data protection by design and by default’ approach” to data processing. PETs also assist organizations in complying with data minimization principles.
Lobbyists who filed a federal lawsuit on behalf of broadband internet providers withdrew their complaint against the state of Maine over its opt-in privacy law, MediaPost reports. Maine’s law requires internet service providers to obtain their customers’ consent before companies can sell their data for targeted advertising purposes.
Since becoming Michigan attorney general in 2019, Dana Nessel has fought for a number of consumer protections, including the right to privacy. Nessel spoke to Reed Smith's Divonne Smoyer, CIPP/US, and Hubert Zanczak, CIPP/US, for the Privacy Advisor, discussing the privacy implications of overturning Roe v. Wade and the draft Michigan Consumer Privacy Act. Nessel also spelled out what types of provisions she would like to see in a state consumer privacy bill.
Researchers at Massachusetts Institute of Technology and its in-house startup DynamoFL are building a faster and more accurate federated learning system, MIT News reports. The machine-learning system is designed to overcome the major hitches of federated learning, which are the high communication costs from transferring large amounts of data between users and the central server, users not using the same statistical pattern, and the combined server averaging each user’s data.
The California Legislature's 2022 session adjourned without extensions to exemptions for human resources and business-to-business data under the California Consumer Privacy Act. Coverage for both categories of data is set to begin when the California Privacy Rights Act takes effect Jan. 1, 2023.
In an interview with the Economic Times, Microsoft President and Vice Chairman Brad Smith said Indian Parliament’s decision to recraft the Personal Data Protection Bill was “an act of wisdom." Smith said it was the right move because it allowed the government to build the legislation in concert with other sectors of the economy.