A ban on facial recognition software used by law enforcement or government agencies that started in San Francisco and Oakland has, in part, gone statewide. The Body Camera Accountability Act passed the California Legislature and was just signed into law by Gov. Newsom. The law puts in place a three-year statewide moratorium on the use of facial recognition technology in body cams used by state and local law enforcement agencies. In this, the California legislature has made a decisive move to rein in the “surveillance state.”
Talk about security blunders! Data of more than 7.5 million Adobe Creative users, including personal information, was exposed to anyone with a web browser.
According to the researcher behind the report, Bob Diachenko, the private information of users was estimated to be sitting in an unprotected cache for about a week.
Within the cyber security community, multi-factor authentication (MFA) is generally considered to be one of the safest and most effective ways to secure user accounts and user profiles. But now a special security alert from the Federal Bureau of Investigation (FBI) is warning private industry partners that multi-factor authentication might not be nearly as effective as once thought. Quite simply, hackers are becoming more and more sophisticated. They are finding new ways to bypass multi-factor authentication using a mix of social engineering and technical hacks, and that should be a wake-up call for IT security leaders everywhere.
For months, there has been speculation about how much the new California Consumer Privacy Act (CCPA) would wind up costing California businesses as they prepare for the sweeping new privacy legislation, which is set to go into effect on January 1, 2020. According to a new economic impact assessment prepared for the California state attorney general by independent economic research firm Berkeley Economic Advising and Research, initial CCPA compliance could cost companies as much as $55 billion. In addition, there will be ongoing compliance costs related to the privacy legislation.
Back in 2014, a man named Victor Mobley was driving his 2014 Dodge Charger along a tree-lined road in Henry County, Georgia. Two people in a 1999 Chevrolet Corvette pulled out from a driveway and were hit by Mobley. They died, and Mobley survived.
Initially, the police determined that the Corvette driver must have pulled out without warning, and Mobley couldn’t stop in time. They saw nothing at the scene that would indicate that Mobley was driving too quickly until an officer plugged a device called a Crash Data Recorder into Mobley’s Charger and found that he had been doing nearly 100 miles per hour.
Here’s where things get sticky: that officer didn’t have a search warrant. The police got a warrant soon after, the issuance of which wasn’t dependent on the data obtained from Victor Mobley’s car, but after being convicted of a double first-degree vehicular homicide,, in violation of the 4th Amendment.
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. CCPA can apply to businesses even if they do not have offices or employees in California. It can also reach activities conducted outside of California.
As the January 1, 2020 effective date for the CCPA quickly approaches, healthcare entities and businesses in the health sector should exercise caution not to rely too heavily on the law’s HIPAA-related exceptions as a complete pass to avoid complying with the CCPA. The CCPA is the most comprehensive and toughest privacy law in the U.S. to date. Although a California law, the CCPA imposes stringent requirements on businesses nationwide that collect personal data from Californians (and meet certain thresholds). Those requirements include a number of ongoing obligations to consumers and are accompanied by strong enforcement powers for non-compliance as well as a private right of action for certain data breaches. HIPAA does not provide a private right of action. While the CCPA exempts certain entities and data governed by HIPAA from CCPA’s scope, healthcare entities and related service providers should evaluate their systems, processes and data repositories to determine what (if any) personal information they collect is not outside the CCPA’s reach. They could find themselves with certain data subject to the CCPA and some outside of its scope. What does this mean for the healthcare industry? Perhaps it’s time to start thinking in terms of “HIPAA Plus” in a healthcare setting. Regulators, if the CCPA heralds a trend, are imposing new obligations related to the other personal data a healthcare entity, health plan, or related business maintains about a particular patient, employee, website visitor, or other person.