US Chamber of Commerce lobbies for right to keep using Facial recognition.

How can insurance help mitigate your CCPA risks? Join Privageo and Oswald in our Oct. 321st webinar to learn more

California legislature has made a decisive move to rein in the “surveillance state.”

A ban on facial recognition software used by law enforcement or government agencies that started in San Francisco and Oakland has, in part, gone statewide. The Body Camera Accountability Act passed the California Legislature and was just signed into law by Gov. Newsom. The law puts in place a three-year state-wide moratorium on the use of facial recognition technology in body cams used by state and local law enforcement agencies. In this, the California legislature has made a decisive move to rein in the “surveillance state.”

Full Article Here

Adobe leak exposes user data for 7.5 million users. Have you gotten control of your customer’s personal data? If not, Privageo is here to help!

Talk about security blunders! Data of more than 7.5 million Adobe Creative users, including personal information, was exposed to anyone with a web browser.

According to the researcher behind the report, Bob Diachenko, the private information of users was estimated to be sitting in unprotected cache for about a week.


Full Article Here

Faulty multi-factor authorization causes Twitter Privacy Breach:

FBI says multifactor authentication might not be secure:

Within the cyber security community, multi-factor authentication (MFA) is generally considered to be one of the safest and most effective ways to secure user accounts and user profiles. But now a special security alert from the Federal Bureau of Investigation (FBI) is alerting private industry partners that multi-factor authentication might not be nearly as effective as once thought. Quite simply, hackers are becoming more and more sophisticated. They are finding new ways to bypass multi-factor authentication using a mix of social engineering and technical hacks, and that should be a wakeup call for IT security leaders everywhere.

Full Article Here

Privacy implications of FBI use of surveillance data … Is the government invading your privacy?

According to a new declassified ruling from the U.S. Foreign Intelligence Surveillance Court (FISC), FBI personnel systematically abused National Security Agency (NSA) mass surveillance data in both 2017 and 2018. The 138-page ruling, which dates back to October 2018, was only unsealed 12 months later in October 2019. It offers a rare look at how the Federal Bureau of Investigation (FBI) has been abusing the constitutional privacy rights of U.S. citizens with alarming regularity. The court ruling is also a stinging rebuke to the FBI’s overreach of its ability to search surveillance intelligence databases.

Full Article Here

New Report Suggests Initial Compliance Costs for CCPA Could Reach $55 Billion

For months, there has been speculation about how much the new California Consumer Privacy Act (CCPA) would wind up costing California businesses as they prepare for the sweeping new privacy legislation, which is set to go into effect on January 1, 2020. According to a new economic impact assessment prepared for the California state attorney general by independent economic research firm Berkeley Economic Advising and Research, initial CCPA compliance could cost companies as much as $55 billion. In addition, there will be compliance costs related to ongoing compliance with the privacy legislation.

Full Article Here

Georgia’s Supreme Court issues a landmark decision on vehicle data privacy

Back in 2014, a man named Victor Mobley was driving his 2014 Dodge Charger along a tree-lined road in Henry County, Georgia. Two people in a 1999 Chevrolet Corvette pulled out from a driveway and were hit by Mobley. They died, and Mobley survived.

Initially, the police determined that the Corvette driver must have pulled out without warning, and Mobley couldn’t stop in time. They saw nothing at the scene that would indicate that Mobley was driving too quickly until an officer plugged a device called a Crash Data Recorder into Mobley’s Charger and found that he had been doing nearly 100 miles per hour.

Here’s where things get sticky: that officer didn’t have a search warrant. The police got a warrant soon after, the issuance of which wasn’t dependent on the data obtained from Victor Mobley’s car, but after being convicted of a double first-degree vehicular homicide, Mobley appealed saying that the data from his vehicle was obtained illegally, in violation of the 4th Amendment. 

Full Article Here

Health Sector Does Not Completely Avoid the CCPA by HIPAA Exemption (4 Months to Go)

Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. CCPA can apply to businesses even if they do not have offices or employees in California. It can also reach activities conducted outside of California.

As the countdown to the January 1, 2020 effective date for the CCPA quickly approaches, healthcare entities and businesses in the health sector should exercise caution not to rely too heavily on the law’s HIPAA-related exceptions as a complete pass to avoid complying with the CCPA. The CCPA is the most comprehensive and toughest privacy law in the U.S. to date. Although a California law, the CCPA imposes stringent requirements on businesses nationwide that collect personal data from Californians (and meet certain thresholds ). Those requirements include a number of on-going obligations to consumers and are accompanied by strong enforcement powers for non-compliance as well as a private right of action for certain data breaches. HIPAA does not provide a private right of action. While the CCPA exempts certain entities and data governed by HIPAA from CCPA’s scope, healthcare entities and related service providers should evaluate their systems, processes and data repositories to determine what (if any) personal information they collect is not outside the CCPA’s reach. They could find themselves with certain data subject to the CCPA and some outside of its scope. What does this mean for the healthcare industry? Perhaps it’s time to start thinking in terms of “HIPAA Plus” in a healthcare setting. Regulators, if the CCPA heralds a trend, are imposing new obligations related to the other personal data a healthcare entity, health plan, or related business maintains about a particular patient, employee, website visitor, or other person.

Full Article Here