“I strongly support legislation that would provide Connecticut residents with express and — frankly, overdue — privacy rights. My office has always maintained that consumers should have as much notice and control over the collection and use of their personal information as possible. Connecticut residents should be afforded the right to know, the right to correct, the right to delete and the right not to be treated differently if they exercise those rights. They should…

“Perfect is the enemy of the good where it comes to regulation of data privacy rights,”  agree both Washington State Sen. Reuven Carlyle and California Supervising Deputy Attorney General Stacey Schesser in the International Association of Privacy Professionals panel, “State of the States.” Per Carlyle The Washington Privacy Act (WPA) is coming back next year and in the meantime will hopefully continue to inspire other states. You need to figure out your focus: enforcement of…

“Contrary to popular belief, data security begins with the Board of Directors, not the IT Department. A corporate board that prioritizes data security can set the tone throughout an organization by instilling a culture of security, establishing strong security expectations, and breaking down internal silos to facilitate technical and strategic collaboration.” – says the  Federal Trade Commission. in a new blog post. Build a team of stakeholders from across your organization Establish board-level oversight…

“When it comes to data — if you can’t protect it, don’t collect it,” says Maarten Bron of Riscure. The National Institute of Standards and Technology (NIST) has issued a report on its workshop on home IoT devices. Key takeaways which apply to other IoT devices like connected vehicles: Creating a more secure IoT ecosystem for consumer devices can benefit all manufacturers and the “common good.” Manufacturers are challenged by balancing the design and functionality…

Better (cyber)safe than sorry. “Cybersecurity is going to be the new safety, says Ikjot Saini, PhD Saini of University of Windsor. “Unlike other technologies with links to electronic networks such as smartphones and smart appliances, physical accidents can happen if smart automobile systems are compromised through hacking or computer viruses, and these can cause real market damage.” Cybersecurity “has many faces in today’s automotive industry and poses significant risks if left unchecked,” says Flavio Volpe, Automotive Parts Manufacturers’​ Association (APMA) president.…

Hey voice assistant: you’ve got some complying to do. The European Data Protection Board has issued draft guidelines on the data protection aspects of using the increasingly prevalent virtual voice assistants. Some key points: Transparency is key but is also not easy to do well: 30 pages of single-spaced privacy notice won’t cut it. Think more like dashboards and voice commands. Mind your legal basis. “Necessary for contract” might work for certain things but “consent”…

“Consumer data should be owned by the consumer. If we want to collect and use it for any marketing purpose, we must explain how we will do so – and obtain consent and permissions. (GDPR explains this quite nicely.) But to get that agreement, the consumer must understand the trade-off. They need to understand what’s in it for them and see real value in the arrangement. On the whole, I’d argue we’re not yet holding…