Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

New Jersey bill would broaden PII requiring breach notification


If signed into law, a bipartisan bill sent by New Jersey legislators to Gov. Phil Murphy would expand data breach notification in the state, requiring companies to alert citizens to breaches of a wider range of personally identifiable information (PII), including user names, passwords, email addresses and security questions. “When a data breach occurs and…

Kushner used WhatsApp, personal email for gov’t biz; McFarland used AOL to discuss Saudi Arabia nuclear transfer


First son-in-law Jared Kushner, whose security clearance is currently under probe by lawmakers, “continues to use” WhatsApp and his personal email to conduct government business, and former Deputy National Security Adviser K.T. McFarland used her AOL account to do the same, even discussing the transfer of “sensitive U.S. nuclear technology to Saudi Arabia,” according to…

The DOJ to investigate Uber breach

Report: Uber employee used data-scraping tool to gather info on Australian competitor


An Uber employee used a data-scraping tool to round up online data concerning an Australian competitor in order to poach drivers from its business, according to a report this week from ABC News in Australia. Reportedly created in 2015, the tool, called Surfcam, was previously reported to have been used against a rival ride-service company…

Facebook stored hundreds of millions of user passwords in plain text


Facebook is once again making headlines after the company discovered it had been storing hundreds of millions of users' passwords in plain text for years. The company says it's currently investigating the situation, but said in January it discovered some users' passwords had been stored in a readable format within its internal data storage systems,…

Researcher finds malware in USG Sony Chip HD 6 Camera surveillance kit.

Peeping Toms secretly livestream hundreds of South Korean hotel guests


Two men were arrested in South Korea in a scandal involving hidden cameras that secretly filmed 1,6000 people in their hotel rooms. The men allegedly recorded women and live streamed them to paying customers to watch in the scandal which involved 42 rooms in 30 accommodations in 10 cities around the country. Cameras were hidden…

Plans include an open standard that would shrink users' dependency on passwords.

Authorities had OK to use Broidy’s hands, face to unlock phones confiscated in raid


Federal agents raiding the offices of former Republican National Committee (RNC) Deputy Finance Chair Elliot Broidy last year looking for details on his dealings with a number of people, including “Trump administration associates,” were authorized to use the fundraiser’s hands and face to unlock phones whose contents were protected by fingerprints or facial scans, a…

FDA presents guidelines for medical device security

Meditab affiliate exposes medical records, PII on unprotected server


Once again, information was left exposed on an unprotected server – this time by an affiliate of Meditab, a California maker of medical records software sold to doctors, pharmacies and hospitals. Researchers at SpiderSilk found that anyone could read in real time unencrypted medical records, personal information, drug prescriptions, doctors’ notes and the like from faxes…

GCA, Mastercard partner on free cybersecurity toolkit for small business (Video)


Small businesses, which make up 99 percent of businesses globally and, on average, 70 percent, grapple with some of the same major cybersecurity challenges as large enterprises, only without the same resources. The Global Cyber Alliance (GCA) and Mastercard have teamed on a free Cybersecurity Toolkit aimed at helping smaller and medium-sized businesses. GCA President…

Companies unable to meet stringent GDPR data breach reporting requirements


The first anniversary of GDPR going into effect is on the horizon, but one study has found that companies are rarely able to meet the reporting demands set by the legislation. A report by the cybersecurity firm Redscan, based on data received through a Freedom of Information request in the UK, found neither breach detection…
