Opioid Crisis Raises Tough Privacy Issues

Data Breach Today

Privacy for Tigers

Schneier on Security

Privacy matters for tigers, for snow leopards, for elephants and rhinos ­ and even for tortoises and sharks. datacollection naturalsecurity privacyRoss Anderson has some new work : As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching.

Facebook Breach: Attackers Exploited Privacy Feature

Data Breach Today

Attackers Hacked Three Separate Bugs to Breach 50 Million Accounts Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality

Update: NIST Preparing Privacy Framework

Data Breach Today

Building on the success of the NIST Cybersecurity Framework, the National Institute of Standards and Technology is in the early stages of developing a privacy framework. The effort will kick off with a workshop Tuesday in Austin, Texas, explains Naomi Lefkovitz, who is leading the project

GDPR: The Global Impact on Privacy

Data Breach Today

Richard Henderson of Infosec Global Sizes Up the EU Law's Influence So Far Richard Henderson of Infosec Global discusses the impact of the European Union's General Data Protection Regulation and how the law is influencing privacy frameworks globally

How DNA Databases Violate Everyone's Privacy

Schneier on Security

academicpapers databases dna privacyIf you're an American of European descent, there's a 60% you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public.



“Alphabet, Apple Prodded On Privacy,” The Wall Street Journal , July 10, 2018 A3. Security Privacy Information Ownership Governance Policy Definition Duty of Care Controls Third parties Internal controls Access Duty Corporation TechnologyCongress asks how Google and Apple use “your” information, such as what you say and write and where you are. Which is more interesting, the questions or the answers?

Equifax Hit With Maximum UK Privacy Fine After Mega-Breach

Data Breach Today

Multiple Failures' Cited as Watchdog Levies Maximum Possible Pre-GDPR Fine Credit bureau Equifax has been hit with the maximum possible fine under U.K.

Automotive Privacy

Adam Shostack

[Update: clarified a sentence about whose privacy is touched, and where.]. When we did a privacy threat model at the Seattle Privacy Coalition, we found these issues. personal security privacy surveillance

California's New Privacy Law: It's Almost GDPR in the US

Data Breach Today

But Tech Giants are Taking Aim at the Law, Which Can Be Amended Until 2020 California's legislature has quickly introduced and passed new privacy legislation, making the state's laws the strongest in the U.S.

Puzzling Health Dept. Privacy Incident Exposes HIV Data

Data Breach Today

Thousands of Individuals' Data Was Allegedly Accessible to All Agency Workers An incident involving an unsecured database containing information about thousands of HIV/AIDS patients in Tennessee is shining a spotlight on privacy risks involving sensitive health data

New Privacy Issues for Amazon

Data Breach Today

An analysis of the privacy issues Amazon will face as it dives deeper into the healthcare business leads the latest edition of the ISMG Security Report. Also featured: A preview of ISMG's Security Summit in New York Aug. 14-15

Analysis: Opioid Legislation Stripped of Privacy Provision

Data Breach Today

Although the passage by Congress of the Support for Patients and Communities Act this week is an important step in the nation's battle against the opioid drug addiction crisis, it lacks a critical privacy provision, says Geisinger Health CIO John Kravitz, who analyzes the implications

California Enters the Privacy Regulation Arena

IG Guru

California Enters the Privacy Regulation Arena California is the first state in what undoubtedly will be a wave of United States privacy laws on the European model. The post California Enters the Privacy Regulation Arena appeared first on IG GURU.

Helen Nissenbaum on Data Privacy and Consent

Schneier on Security

This is a fantastic Q&A with NYU Law Professor Helen Nissenbaum on data privacy and why it's wrong to focus on consent. datacollection dataprotection interviews privacy

Why California's New Privacy Law is a 'Whole New Ballgame'

Data Breach Today

While California already had some of the strictest and most varied privacy laws in the country, the new California Consumer Privacy Act of 2018 "is a whole new ballgame," says privacy attorney Kirk Nahra, who explains why

Yet Another Twist in Messy Aetna Privacy Breach Case

Data Breach Today

Health Insurer Sues Organizations That Represented HIV Patients in Earlier Privacy Dispute A messy legal case involving a 2017 privacy breach that has already cost Aetna about $20 million in settlements has taken yet another twist.

OCR Considering HIPAA Privacy Rule, Enforcement Changes

Data Breach Today

But Agency Will Seek Public Input First Federal regulators are considering potential changes to HIPAA privacy rule and enforcement regulations, but aim to first engage the healthcare sector and public for input, says the nation's top HIPAA enforcer.

Facebook's Security and Privacy Overhaul Comes at a Price

Data Breach Today

CEO Mark Zuckerberg Reports Decreased Profitability, GDPR Impact Facebook is making substantial investments to improve its data security and privacy practices.

Analysis: California's Groundbreaking Privacy Law

Data Breach Today

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach

NIST Launches Privacy Framework Effort

Hunton Privacy

On September 4, 2018, the Department of Commerce’s National Institute of Standards and Technology (“NIST”) announced a collaborative project to develop a voluntary privacy framework to help organizations manage privacy risk. We’ve had great success with broad adoption of the NIST Cybersecurity Framework, and we see this as providing complementary guidance for managing privacy risk,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G.

California Passes New Privacy Law

Schneier on Security

The California legislature unanimously passed the strongest data privacy law in the nation. A ballot initiative was already going to be voted on in November, one with even stronger data privacy protections. datacollection dataprotection laws privacy

GDPR and the Next Generation of Privacy Legislation

Data Breach Today

Cisco's Michelle Dennedy on theSignificance of New Privacy Laws Barely one month after the enforcement date of the EU's General Data Protection Regulation, California passed its own landmark new data privacy legislation.

Europe's Strong GDPR Privacy Rules Go Into Full Effect

Data Breach Today

After a two-year grace period following the passage of the legislation, member states' data privacy watchdogs are now enforcing the strong privacy rules, which offer worldwide protection for Europeans It's May 25: Do You Know What Your Data Protection Polices Are?

Microsoft chief backs federal data privacy law over state efforts

Information Management Resources

s Chief Executive Officer Satya Nadella called for national privacy legislation, days after Google became the latest tech giant to reveal a security flaw, potentially exposing personal data. Data privacy Data security MicrosoftMicrosoft Corp.’s

Google Vows Privacy Changes in Chrome Browser After User Backlash


The tech giant promised that it will be more transparent about users' data in Chrome 70 after coming under fire for its privacy policies earlier this week. Privacy Web Security chrome chrome 69 chrome 70 Data Privacy google Google Privacy

Privacy Regulation Could Be a Test for States’ Rights


As more states take cybersecurity and privacy issues into their own hands, experts worry that big tech will push for preemption. Breach Facebook Featured Government Hacks Privacy California Consumer Privacy Act data breach data breach laws federal privacy law google Google Plus pre-emption privacy laws state laws supremacy clause US elections

HHS Weighs Changes to Health Data Privacy Regulations

Data Breach Today

Privacy and Security Experts Offer Insights on What Changes Make Sense HHS is considering making changes to federal privacy regulations governing health data - including HIPAA and the 42 CFR Part 2 law.

Fintech Apps: Consumer Privacy Concerns Remain High

Data Breach Today

But those users are concerned about data privacy and want more control over the financial data their apps can access, says David Fortney of The Clearing House, who reviews the results of a survey Nearly one-third of U.S. banking consumers use online and mobile fintech apps to help manage their money.

Major Tech Companies Finally Endorse Federal Privacy Regulation

Schneier on Security

The major tech companies, scared that states like California might impose actual privacy regulations , have now decided that they can better lobby the federal government for much weaker national legislation that will preempt any stricter state measures. laws nationalsecuritypolicy privacy

Amazon's Healthcare Expansion: Analyzing Privacy Concerns

Data Breach Today

As Amazon expands its activities in healthcare, include a high-profile venture into the pharmacy business, the online retail giant will face a wide variety of important privacy issues, attorneys Jeffrey Short and Todd Nova explain

Retail 100

EU Mass Surveillance Alive and Well, Privacy Groups Warn

Data Breach Today

Groups 154

Privacy Extension to Elevation of Privilege game

Adam Shostack

The fine folks at Logmein have released a version of Elevation of Privilege that adds privacy! Check out the fine work by Mark Vinkovits at their blog, by Mark Vinkovits. games serious games threat modeling

Toymaker VTech Settles FTC Privacy Lawsuit For $650,000

Data Breach Today

Message From FTC to Toymakers: Don't Mess With Kids' Privacy One of the most alarming breaches of 2015, involving Hong Kong toymaker VTech, has resulted in a $650,000 settlement with the U.S.

FTC’s Privacy Shield Enforcement Actions Show Broader Enforcement Lens

HL Chronicle of Data Protection

Privacy Shield. This latest set of enforcement actions brings the FTC’s Privacy Shield related enforcement to settlements with eight defendants since the framework was adopted in July 2016. Privacy Shield framework principles” to be false. Consumer Privacy enforcement EU-U.S.

'Virtual Assistant' EHR Tools: Privacy, Security Issues

Data Breach Today

Data integrity and privacy issues are among potential concerns related to voice-activated "virtual assistant" tools that some vendors are beginning to offer for their electronic health record systems, says privacy and security expert Kate Borten

Tools 100

Regulations Create Pressure to Take Privacy More Seriously

Data Breach Today

Companies that want to continue doing business globally will need to take privacy much more seriously, especially in light of increasingly strict new laws, ranging from the California Consumer Privacy Act to the EU's GDPR, says privacy and security expert Michelle Robles

GDPR 100

Would More Telehealth Bring New Privacy, Security Concerns?

Data Breach Today

But what are the potential privacy and security concerns that healthcare providers need to address if they offer more telehealth services for patients

GDPR: UK Privacy Regulator Open to Self-Certification

Data Breach Today

s data privacy regulator. Focus on Continuous Compliance and Breach Response, Experts Say One day, organizations may be able to self-certify their GDPR compliance, says an official at the U.K.'s

Spurred by GDPR, Australian Businesses Catch Up on Privacy

Data Breach Today

New Data Privacy Regulations

Schneier on Security

Right now, the only way we can force these companies to take our privacy more seriously is through the market. We will also benefit from another, much more comprehensive, data privacy and security law from the European Union.

NTIA Seeks Comment on New, Outcome-Based Privacy Approach

HL Chronicle of Data Protection

Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued a Request for Comments (RFC) on a new consumer privacy approach that is designed to focus on outcomes instead of prescriptive mandates. Incentivize privacy research. Yesterday, the U.S.

GDPR a Litmus Test for Cross-Border Privacy Attitudes

Data Breach Today

Rather Than Honor Europeans' Data Privacy Rights, Some Organizations Exit EU To judge by the flood of GDPR-themed email hitting inboxes, Europe's privacy law has been designed to ensure that you say "yes" to companies that monetize the buying and selling of your personal details, regardless of whether you remember ever having done business with them before