Privacy & Compliance | SC Media

Privacy & Compliance

leakplumbing_863980

Venmo transaction scraped in privacy warning to consumers

A year after being called out for a feature that exposed customers’ transactions, Venmo continues to leak hundreds of millions of transactions. Independent researcher Dan Salmon was able to scrape together millions of Venmo transactions over the course of six months and warned users to set their payments to private after privacy researchers warned the…

7.7 million LabCorp patients affected by same breach that impacted Quest Diagnostics

One day after Quest Diagnostics reported that nearly 12 million of its patients were potentially affected by a malicious breach of third-party bill collection vendor American Medical Collection Agency (AMCA), fellow clinical testing firm LabCorp acknowledged that roughly 7.7 million of its customers may be affected by the same incident. Burlington, North Carolina-based LabCorp publicly…

Calif. Assembly passes CCPA amendment that would exclude employee data from protections

The California Assembly on May 29 passed AB 25, an amendment to the California Consumer Privacy Act of 2018 that would exclude employees and job applicants from the legislation’s definition of “consumer.” The proposed law, which passed unanimously 77-0-3, is now in the hands of the California Senate. Under the terms of the amendment, an…

Introducing state privacy legislation amidst national privacy law discussions

Several states recently presented and passed data privacy legislation introducing individual consumer rights as well as data breach notification rules which in some ways reflect the protections afforded by Europe’s General Data Protection Regulation (GDPR). Like their European counterparts, U.S states such as California, Hawaii, and Washington have passed or proposed laws that are designed…

Google unveils new controls for automatically deleting data after 3 or 18 months

Google on Wednesday announced an upcoming, privacy-friendly feature that will automatically delete user location history and web and app activity data after a specified period of time. The new controls will be rolled out in the coming weeks, Google revealed in a blog post authored by David Monsees, “Search” product manager, and Marlo McGriff, “Maps”…

Washington state legislature passes data breach law, but punts on privacy law

The Washington state legislature went one-for-two this month in its attempt to pass major data breach and privacy regulations. Yesterday, lawmakers unanimously passed HB 1071, which firms up and expands requirements for public breach notifications, but the state apparently has failed to approve a sweeping new state privacy law, SB 5367, after the House declined…

Facebook says it ‘unintentionally’ harvested 1.5M users’ email contacts via verification feature

Facebook has once again stoked controversy after the social media giant reportedly owned up to “unintentionally” collecting the email contacts of 1.5 million users without their consent. Business Insider revealed the company’s latest data mismanagement gaffe in an April 17 news report, after its staff members created a fake account and entered an email password…

hotel

Study: 67 percent of hotel websites grant third parties access to personal booking data, reservations

A study of more than 1,500 hotels in 54 countries found that 67 percent of their websites leak booking reference codes to third-party partners, allowing them to potentially access guests’ booking details and personal information. Such access could even enable the third parties to cancel individuals’ reservations if they so desired, according to Symantec Principal…

Facebook stored hundreds of millions of user passwords in plain text

Facebook is once again making headlines after the company discovered it had been storing hundreds of millions of users passwords in plain text for years. The company says its currently investigating the situation, but said in January it discovered some users passwords had been stored in a readable format  within its internal data storage systems,…

FDA presents guidelines for medical device security

Meditab affiliate exposes medical records, PII on unprotected server

Once again, information was left exposed on an unprotected server – this time by an affiliate of Meditab, a California maker of medical records software sold to doctors, pharmacies and hospitals. Researchers at SpiderSilk found that anyone could read in realtime unencrypted medical records, personal information, drug prescriptions, doctors’ notes and the like from faxes…

Next post in Data Breach