General Privacy & Data Security News & Developments

The Federal Trade Commission has approved a final consent order settling charges that a background screening company falsely claimed to be in compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

SecurTest, Inc. agreed in June to settle FTC charges that its website falsely claimed that it participated in the EU-U.S. and Swiss-U.S. Privacy Shield

Rep. Katie Porter (D-Calif.) is preparing to take on the largest credit reporting bureaus with a data security proposal that would give consumers the right to sue after data breaches.

Porter’s bill would amend the Fair Credit Reporting Act (FCRA) to include a reasonable data security standard for credit reporting agencies… as well as other

“U.S. Senators Dick Durbin (D-IL), Ed Markey (D-MA), and Richard Blumenthal (D-CT) today sent letters to numerous education technology (EdTech) companies inquiring about data collection practices on American students.

The Senators raised concerns that the learning tools used by these companies could pose a serious risk to students, parents, and educational institutions as a result

Meant for small and medium enterprises, a draft GDPR code of conduct for Data Processors has been submitted for approval in the Netherlands.

It contains detailed requirements for data processor compliance including:

  • Documented data protection plan
  • Information security management system based on a recognized standard
  • At least annual evaluation of your privacy and information security

Tell me don’t sell me.

In a new settlement order with the Federal Trade Commission, Unrollme was ordered to notify all its active users of the fact that it accesses or collects email purchase receipts for use in market research products that are sold to third parties and to delete the information of anyone that

CISO members of the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) published a white paper to help cybersecurity leaders in retail and hospitality prepare for compliance with the California Consumer Privacy Act (CCPA).

Key recommendations from the white paper:

  • Consider contract language that prevents third parties from selling personal information sold to them unless

The UK’s Information Commissioner’s Office (ICO) has announced a completion deadline for their code that will translate General Data Protection Regulation (GDPR) requirements into design standards that protect children who access online services.

The code is being refined following a consultation period and will be made final on November 23, 2019.

The ICO stated that

The International Organization for Standardization (ISO) published a standard for companies to implement personal information management systems (PIMS). The ISO’s guidance aims to assist businesses with compliance goals and further the emphasis on personal data protection.

In the wake of the detailed privacy framework requirements of the recent FTC Facebook settlement and the California Consumer

A web developer study shows that when a cookie banner allows users to refuse cookies, 50 percent of users choose this option and subsequently refuse all third-party services.

However, when this choice is not available, we end up with a cookie acceptance rate between 90 and 98 percent via site users clicking the “I accept”

Sen. Dianne Feinstein (D-Calif.) introduced a bill on Wednesday that would limit the use of voter data by political campaigns.

The legislation is being touted as the first bill “directly responding to Cambridge Analytica.”

Feinstein’s Voter Privacy Act seeks to give voters more control over the data collected on them by political campaigns and organizations.