Electronic Data Security

The U.S. Federal Trade Commission (FTC) has entered into a settlement agreement with a company that claims on its website that it is EU-U.S. Privacy Shield certified when, in fact, it had only started the process and stopped midway.

The FTC also sent warning letters to:

  • 13 companies that falsely claimed they participate in

The Federal Trade Commission (FTC) has entered into a settlement with a provider of management software for car dealerships that held personal information, including SSNs and payroll information, in cleartext, holding its practices to be in violation of the FTC Act’s prohibition against unfair practices and GLBA’s Safeguards Rule, which requires financial institutions to develop,

The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR.

Key takeaways:

  • Data minimization:
    • Collect only the information you need. If you only need name, identification code, bank account number, currency, balance, purpose of

The Canadian Office of the Privacy Commissioner has issued a “consultation on cross border transfers,” detailing its policy and seeking comments from stakeholders.

Key points on which consultation is sought:

  • Individuals would reasonably expect to be notified if their information was to be disclosed outside of Canada and be subject to the legal regime of

Despite their distrust in tech giants and lack of confidence in their privacy practices, people aren’t likely to go out of their way to safeguard their information, shows a survey of nearly 4,000 people across generations.

Per the survey:

  • 33 percent of respondents claim to read end user license agreements
  • 66 percent either skim through

Changes to the Safeguards Rule and the Privacy Rule applicable to financial institutions under the Gramm-Leach-Bliley Act are in the works.

The FTC is proposing changes to the Safeguards Rule to add more detailed requirements for what should be included in the comprehensive information security program mandated by the Rule. This will include:

Under a proposed amendment to the California Consumer Privacy Act (CCPA) filed Feb. 22, companies that amass user data could be the target of class-action litigation from state consumers if they’re accused of violating the CCPA.

This expands the existing private right of action under CCPA which currently applies only to data breaches. Other proposals

Several initiatives signal big changes for the regulation of privacy in China in 2019, reports the International Association of Privacy Professionals (IAPP).

  • End of bundled consent: Controllers are required to provide a privacy notice in intelligible, clear and concise wording and to obtain freely given consent from data subjects. The bundled consent, or “take-it-or-leave-it”

Sorta, kinda, immutable.

Turns out the blockchain CAN get hacked, and changed.

In the blockchain, a miner who somehow gains control of a majority of the network’s mining power (a so-called “51% attack”) can defraud other users by sending them payments and then creating an alternative version of the blockchain in which the payments never