Electronic Data Security

“Web feature developers are being warned to step up attention to privacy and security as they design contributions.

Writing in a blog post about “evolving threats” to Internet users’ privacy and security, the W3C standards body’s technical architecture group (TAG) and Privacy Interest Group (PING) set out a series of revisions to the W3C’s Security

Shortly after the recent video surveillance guidance from the EDPB, the Information Commissioner of the Isle of Man published an updated CCTV data protection guidance.

Key takeaways for controllers:

General Considerations and Governance:
  • CCTV images identify living individuals and are, therefore, personal data. This means that the use of CCTV will be covered

The Federal Trade Commission has approved a final consent order settling charges that a background screening company falsely claimed to be in compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

SecurTest, Inc. agreed in June to settle FTC charges that its website falsely claimed that it participated in the EU-U.S. and Swiss-U.S. Privacy Shield

The $5 billion fine levied against Facebook by the Federal Trade Commission is certainly headline news, but it also contains detailed requirements for privacy and information security governance and accountability that all companies can learn from and implement.

Big Picture Takeaways:

  • Facebook faces many detailed requirements for internal and external governance and oversight with

In most of the world, anonymous data are not considered personal data — the information can be shared and sold without violating privacy laws. Market researchers are willing to pay brokers for a huge array of data, from dating preferences to political leanings, household purchases to streaming favorites.

But this anonymous information may not be

A proposed New York City bill would make it illegal for cellphone companies and mobile app developers to share location data gathered while a customer’s mobile device is within the five boroughs.

The bill would restrict cellphone companies and mobile apps from sharing location data to situations where they were “providing a service explicitly requested”

The U.S. Federal Trade Commission (FTC) has entered into a settlement agreement with a company that claims on its website that it is EU-U.S. Privacy Shield certified, when in fact it had only started the process and stopped midway.

The FTC also sent warning letters to:

  • 13 companies that falsely claimed they participate in

The Federal Trade Commission (FTC) has entered into a settlement with a provider of management software for car dealerships that held personal information, including SSNs and payroll information, in cleartext, holding its practices to be in violation of the FTC Act’s prohibition against unfair practices and GLBA’s Safeguards Rule, which requires financial institutions to develop,

The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR.

Key takeaways:

  • Data minimization:
    • Collect only the information you need. If you only need name, identification code, bank account number, currency, balance, purpose of