
Stop saying, “We take your privacy and security seriously”

One of my pet hates is the insincere filler found in company statements, often inserted by lawyers to give some modicum of protection against imagined lawsuits. If anyone writing such statements is reading this, I'd rather you saved money on lawyers and put it into mitigating risks to my data...: [...] About one-third of all 285 data breach notifications had some variation of the line. It doesn’t show that companies care about your data. It shows that they don’t know what

Germany: Analyzing Websites, Bavarian State Office For Data Protection Supervision Identifies …

The report card for websites in Bavaria reads "Must do better..." especially when it comes to cookie consent. I expect other European regulators to carry out similar audits of data protection...: [...] Thomas Kranig, President of the Bavarian State Office for Data Protection Supervision, commented on the sobering findings as follows: "The result of this data protection check was significantly worse than that of the cyber security check: all of the examined websites commit

Facebook, FTC reportedly negotiating massive fine to settle privacy issues

This would make the ICO fine look like very small change...: Facebook and the Federal Trade Commission are negotiating a multibillion-dollar fine to settle an investigation into the social network's privacy practices, The Washington Post reported Thursday. It'd be the largest fine ever imposed by the agency, according to the Post, though the exact amount hasn't yet been determined. Facebook was initially concerned with the FTC's demands, a person familiar with the matter

Roller Coaster Start to the New Year for Biometrics: Rosenbach v. Six Flags and Emerging Biometric Laws

If you fancy bringing yourself up to date with biometrics and the law (at least in the U.S.), especially in light of the drive to implement in the workplace, read on...: A recent decision from the Supreme Court of Illinois heightens the risks faced by companies collecting biometric information by holding that an individual who is the subject of a violation of Illinois’ Biometric Information Privacy Act—but who suffered no separate harm from the violation—is an “aggrieved par

Australian Senate votes to replace systemic weakness and vulnerability definitions in encryption laws

In Australia, an attempt to retro-fit bad legislation with slightly less-bad definitions. Other governments please take note...: [...] "We seek only to address some of the more important deficiencies in that legislation, including the definition of systemic weakness; the role of the AFP Commissioner in ensuring a national approach is taken to the exercise of some of the powers in the legislation; the oversight role of the Ombudsman; and limiting the scope of technical ass

Cottage Health Settles with OCR for $3M

Security incidents have a long afterglow. Do you remember anything from 2013?... We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December, 2018 with Cottage Health, including two security incidents—one in 2

Cyber sex crimes against children have trebled in three years, NSPCC warns

There have been a number of articles recently in the UK press about how easy it is for teenagers (and younger) to gain access to Tinder, Grindr etc. The flipside is how easy it is for paedophiles to contact them...: Cases of paedophiles using the internet to commit sex crimes against children have trebled in three years, figures show, prompting renewed demands for tougher regulation of social media companies. The number of cyber sex offences against children increased to 9

Why data governance is not an option

When the regulator tells you to take data governance seriously, take notice...: [...] Ng Hoo Ming, deputy chief executive of operations at Singapore's Cyber Security Agency (CSA), could not have been any more adamant during his keynote at the RSA Conference Asia-Pacific Japan this year. Stressing the importance of data governance in steering an organisation's data management practices, he urged decision-makers not to dismiss its role during new implementations. “Doing so woul

ICO issues the first fines to organisations that have not paid the data protection fee.

Most small businesses I talk to are completely unaware of the need to register. The process is explained here. Raid the piggy bank and do it today (like me)...: Organisations across the business services, construction and finance sectors are among the first to be fined by the ICO for not paying the data protection fee.