How to Convince Wary Customers to Share Personal Information

Customers are becoming increasingly wary of sharing any information about themselves, including their shopping habits and preferences. And who can blame them? Many enterprises have failed to adequately protect consumer data from thieves, while others have misused the information in various ways, such as by tracking shopper movements or selling identifiable data without the individual’s permission.

Since the Facebook data privacy scandal, more people than ever have recognized the potential pitfalls of sharing too much with too many organizations. “These consumers are worried that providing their data to one company means that several other organizations will eventually obtain their data through data selling,” explained Todd Wright, head of customer experience and data privacy solutions at analytics software developer SAS. “Organizations need to be more forthcoming and transparent with the people they hold data on for this trend to reverse,” he suggested.

Full Article Here

ISO publishes first International Standards for privacy information management

The International Organization for Standardization has published the first International Standards for privacy information management. ISO/IEC 27701 specifies requirements “for establishing, implementing, maintaining and continually improving a privacy-specific information security management system,” ISO said in the announcement. “In other words, a management system for protecting personal data (PIMS).” CNIL Head of the Technology Experts Department Matthieu Grall and Microsoft Corporate Vice President and Deputy General Counsel of Privacy and Regulatory Affairs Julie Brill were among those who participated in the development of the standards. “We applaud the ISO/IEC technical committee for developing this groundbreaking standard for privacy so that organizations of all sizes, jurisdictions, and industries can effectively protect and control the personal data they handle,” Brill said.
Full Story

NIST Privacy Framework nearing completion

A new U.S. privacy framework is quickly approaching completion. The National Institute of Standards and Technology, which holds the drafting pen, is encouraging stakeholders to share their feedback soon.

Since last October, NIST has been working to develop its Privacy Framework to help organizations identify, internalize and address privacy risk. The framework presents the building blocks of a comprehensive data management program that can be implemented across an organization. NIST aims to bridge the legal/IT divide.


Full Article Here

US senators voice concerns over Facebook’s handling of children’s privacy

The Hill reports U.S. Sens. Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., have reached out to Facebook CEO Mark Zuckerberg with questions regarding the social network’s privacy policies and standards for children. Markey and Blumenthal wrote a letter to Zuckerberg seeking details on a vulnerability discovered in Facebook’s Messenger Kids app that allowed users to communicate with people without parental consent. “Children’s privacy and safety online should be Messenger Kids’ top priority,” Markey and Blumenthal wrote. “Your company has a responsibility to meet its promise to parents that children are not exposed to unapproved contacts, a promise that it appears that Facebook has not fulfilled.”
Full Story

Personal Data of “The Whole Adult Population” of Entire Country Stolen

The personal details of almost every adult in Bulgaria have been leaked as part of a huge cyber attack.

Millions of taxpayers’ private and financial data was part of the hack, officials said.

The data was stolen from Bulgaria’s NRA tax agency, which could now face a substantial fine over the data breach. It is the biggest ever to hit the Balkan country, affecting almost every single adult among the 7 million people who live in the country.

Full Article Here

New Cyber Attack Trends Report Reveals That Digital Criminals Made Off With $45 Billion in 2018

A new report on cyber attack trends that combines information from a number of high-level sources has just been released, and it reveals a startling amount of cyber crime growth. The report revealed that cyber crime became a $45 billion industry in 2018, up tens of billions of dollars from the previous year.

The report from the Internet Society’s Online Trust Alliance (OTA) identifies trends by using data from sources including the Federal Bureau of Investigation, Symantec, prominent cybercrime journal Cybersecurity Ventures, security consultant Risk Based Security, the Identity Theft Resource Center and the Internet Society’s own internal data to create as comprehensive a picture as possible of the annual cyber crime market.

Full Article Here

New York Privacy Act Would Be Considerably Tougher Than California’s Bill

Just as legal experts have been predicting for nearly a year, individual U.S. states are starting to develop their own privacy legislation similar in form and content to the California Consumer Privacy Act (CCPA). The first state to follow the lead of California is New York State, which has proposed new privacy legislation (NY Senate Bill 224) that would be considerably tougher than California’s bill. The New York Privacy Act is still looking for a sponsor in the state assembly, but New York legislators are confident that the new legislation will be passed by the end of the summer.

Until lawmakers in Washington, D.C. act to introduce sweeping federal legislation on privacy, the United States could be headed for a “50-state solution” to privacy that would be complex, onerous and confusing for any company trying to remain in compliance on a nationwide basis. A patchwork system of state-by-state privacy legislation would require companies to be much more careful and cautious in order to avoid running afoul of any state laws. Law experts are now calling New York State “the next battleground in the fight for state privacy laws.”

Full Article Here

Cloud Solution Provider PCM Discloses Client Information Breach Just Days After Insight Acquisition Announcement; What Happens Next?

The PCM breach

The hack is somewhat similar to the one that hit cloud solution provider Wipro in April, in that gift card fraud appeared to be the ultimate aim. It is still unclear exactly how the breach happened or who was responsible, but Office 365 administrative credentials (which provide access to email and file sharing systems of the company’s clients) were the target.

According to the cloud solution provider’s official statement on the matter, “minimal” customer information from the cloud solution provider was exposed and affected customers were contacted directly by the company. The company maintains that its internal investigation has revealed minimal impact to PCM customers. Robert Prigge, President of Jumio, explained why “minimal to no impact” could very well be underselling the extent of the hack:

Full Article Here

CCPA Update – Maybe Employees Are “Consumers” After All – Employee PI is Still In Play

If you have been tracking the proposed amendments to the California Consumer Privacy Act (CCPA), you know that businesses and stakeholders have been clamoring to shape the new sweeping law in a number of ways. We reported earlier this year on some of the potential changes approved by the California Assembly Privacy and Consumer Protection Committee, which moved on for further consideration. Upon arrival at the Senate Judiciary Committee, several of these business-friendly changes met some resistance, including AB 25 which generally would have excluded employee personal information from being covered under the CCPA.

While employers had hoped AB 25 would amend the CCPA to exclude information gathered in the employment context outright, on July 9, 2019, the California Senate Judiciary Committee clarified that will not be the case.

As we previously noted, the Privacy and Consumer Protection Committee in April unanimously approved AB 25 which sought to modify the definition of “consumer” under the CCPA to exclude “a natural person whose personal information has been collected by a business in the course of a person acting as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business, to the extent the person’s personal information is collected and used solely within the context of the person’s role as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business.”

Full Article Here

“Who cares if Alexa records and stores your conversations”…

The Democrat from Delaware asked Amazon to provide answers on how long it stores transcripts, whether users can delete them, why it collects them and how they are used, and whether the company anonymizes customer identity.

“While I am encouraged that Amazon allows users to delete audio recordings linked to their accounts,” Coons, a member of the judiciary committee, wrote in his letter, “I am very concerned by reports that suggest that text transcriptions of these audio records are preserved indefinitely on Amazon’s servers, and users are not given the option to delete these text transcripts.”

In response, Amazon Vice President of Public Policy Brian Huseman revealed that the tech titan keeps transcripts and voice recordings indefinitely, removing them only when “the customer chooses to delete them.”

Full Article Here