Password Protected

Data Privacy & Security News and Trends

In August, the Federal Trade Commission (FTC) approved changes to a video game industry program in an effort to ensure compliance with the Children’s Online Privacy Protection Act (COPPA). This comes after a 2017 study finding that YouTube, the video platform owned by Google, is the most popular online media platform among children, with as many as 80% of children ages 6-12 using it daily. Yet YouTube claims in its Terms of Service that the platform…
Beginning in 2020, California residents will have the right to opt out of the sale of their personal information under the California Consumer Privacy Act of 2018 (CaCPA, also called CCPA). It is time to revisit your third-party service provider agreements. Companies now have two reasons to ensure that service provider agreements restrict the use or sale of personal information: to comply with CaCPA and to reduce the risk of an FTC enforcement action.…
As a part of National Cybersecurity Month, last week the Federal Trade Commission (FTC) launched a campaign to help educate and assist small businesses with cybersecurity.  In conjunction with the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the Small Business Administration (SBA), the FTC has published a collection of materials for small businesses about cybersecurity. These materials include information about the following: Cybersecurity Basics; Understanding the NIST Cybersecurity Framework;…
On October 16, 2018, the Securities and Exchange Commission (SEC) issued a report on the results of investigations made by the SEC’s Division of Enforcement into nine public companies that were victims of cyber-related frauds.  In each case, the SEC investigation focused on whether the target companies had complied with the applicable requirements of the Securities Exchange Act of 1934, as amended (Act). The Act requires public companies to devise and maintain a system of…
Effective October 1, 2018, Connecticut has the most stringent requirement—24 months—for free mitigation services that must be provided to those affected by a data breach of personally identifiable information (in the case of Connecticut: (A) Social Security number; (B) driver’s license number or state identification card number; (C) credit or debit card number; or (D) financial account number in combination with any required security code, access code or password that would permit access to such…
CA IoT Cybersecurity Bill Heads To Governor’s Desk: The bill (SB-327), if signed by Gov. Brown, will take effect on January 1, 2020. It is aimed at securing connected devices. The bill states that, “a manufacturer of a connected device shall equip the device with a reasonable security feature or features.” House Approves Financial Sector Data Breach Bill: On Sept. 13 the House Financial Services Committee approved a bill (H.R. 6743) to…
NIST has published Special Publication (SP) 1800-5, “IT Asset Management” to help financial service companies monitor and manage IT assets.  According to the release: “The example solution…gives companies the ability to track, manage, and report on information assets throughout their entire life cycle. This can ultimately increase cybersecurity resilience by enhancing the visibility of assets, identifying vulnerable assets, enabling faster response to security alerts, revealing which applications are actually being used, and reducing help desk…
The convergence of the General Data Protection Regulation and the investigation into Russian interference in the 2016 election has created a perfect privacy storm. Social media platforms’ complacency on this front, and the resulting public backlash, have further amplified the pressure on legislatures to react.  Although state legislatures have been quick to do so (most notably California, which passed a sweeping new privacy law in June), Congress has not. Recently, Senator Mark Warner (D-VA) issued…
CTIA, a trade association representing the wireless communications industry, recently announced a new cybersecurity certification program for IoT cellular-connected devices. The announcement comes shortly after NIST hosted a workshop in July regarding Considerations for Managing IoT Cybersecurity and Privacy Risks. CTIA states, “[t]he program will protect consumers and wireless infrastructure, while creating a more secure foundation for smart cities, connected cars, mHealth and other IoT applications.” Tom Sawanobori, SVP and Chief Technology Officer at CTIA…
On August 14, 2018, President Trump signed into law S. 770, the “NIST Small Business Cybersecurity Act.”  This Act requires the National Institute of Standards and Technology (NIST) to develop and disseminate resources for small businesses to help reduce their cybersecurity risks. The Act states that the resources should be: “Generally applicable and usable by a wide range of small business concerns; Vary with the nature and size of the implementing small business concern, and…