Electronic Data Security

“Cookie replacement solutions connecting first-party data to individual ads through universal IDs are coming, but rather than chasing a retooled version of a historically clunky solution, marketers should build new data frameworks that employ statistical modeling and AI to illustrate a probabilistic media journey,” says Mark Sturino, VP of data and analytics at Good Apple.

The Australian Cyber Security Center has published a guide on identifying cyber supply chain risks in suppliers, manufacturers, distributors and retailers.

A key area flagged is foreign control, influence and interference and suggests a questionnaire for the suppliers which includes the following questions:

  • What access might a foreign government gain in controlling or interfering with

The National Security Administration issued a white paper on location data:

  • Using a mobile device — even powering it on — exposes location data.
  • Cellular providers and commercially available rogue base stations receive real-time location information.
  • Location data is stored on the mobile device.
  • Websites use browser fingerprinting to harvest location information, and WiFi access

On May 7, 2020, the New York Attorney General announced she will not sue Zoom after it agreed to adopt enhanced data security and privacy measures to protect the data of its 300 million plus users. As COVID-19 social distancing policies radically change the way individuals and industries communicate, Zoom saw a reported 3,000 percent

The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) issued an advisory to hospitals and other healthcare organizations that cybercriminals are targeting them with phishing campaigns, ransomware, and other malicious acts referencing COVID-19.  Cybercriminals are exploiting the fact that the healthcare sector is consumed with COVID-19 management and response to ramp up attacks, including ransomware

Citing a “significant increase in cybercrime” during the COVID-19 pandemic, the New York Department of Financial Services (DFS) issued guidance to all New York State regulated entities identifying areas of heightened cybersecurity risks. DFS advised regulated entities they should assess and address these areas as per cybersecurity regulation 23 NYCRR Part 500.

Heightened Risk #1:

The New York Attorney General issued a warning to health care providers, hospitals, and other organizations within the health supply chain that cyber criminals are using targeted COVID-19 phishing emails and texts to gain access to sensitive information.  Multiple reports indicate that scammers are sending emails and texts to get a recipient to click on

“Web feature developers are being warned to step up attention to privacy and security as they design contributions.

Writing in a blog post about “evolving threats” to Internet users’ privacy and security, the W3C standards body’s technical architecture group (TAG) and Privacy Interest Group (PING) set out a series of revisions to the W3C’s Security

Shortly after the recent video surveillance guidance from the EDPB, the Information Commissioner of the Isle of Man published an updated CCTV data protection guidance.

Key takeaways for controllers:

General Considerations and Governance:
  • CCTV images identify living individuals and are, therefore, personal data. This means that the use of CCTV will be covered

The Federal Trade Commission has approved a final consent order settling charges that a background screening company falsely claimed to be in compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

SecurTest, Inc. agreed in June to settle FTC charges that its website falsely claimed that it participated in the EU-U.S. and Swiss-U.S. Privacy Shield