Privacy & Compliance | SC Media

Privacy & Compliance

UK businesses far more confident re GDPR than their European counterparts

Researcher: GDPR’s Right of Access policy can be abused to steal others’ personal info

An Oxford University scholar says he was able to trick dozens of European companies into sending him sensitive data about his fiancée, simply by impersonating her while invoking GDPR’s “Right of Access” policy. Doctor of philosophy student James Pavur, who presented his research findings Thursday at the Black Hat conference in Las Vegas, exploited the policy…

FTC levies historic fine on Facebook for privacy violations

The U.S. Federal Trade Commission today announced that it has penalized Facebook $5 billion as punishment for what it described as deceptive privacy practices, and imposed new restrictions on the social media giant. Facebook likewise announced that it has agreed to the terms of the deal. In conjunction, the Department of Justice officially filed a…

Computer password inventor Fernando Corbató dies at 93

Pioneering computer scientist Fernando “Corby” Corbató, regarded as the inventor of the computer password and a key contributor in the development of time-sharing computer systems, died last Friday, July 12, in Newburyport, Massachusetts at the age of 93. Corbató’s Compatible Time-Sharing System (CTSS) allowed multiple users to work on a computer simultaneously, according to an…

leakplumbing_863980

Gay dating app fined $240,000 for leaking nudes and other personal data

The makers of the gay dating app Jack’d was fined $240,000 by the New York Attorney General’s Office for leaking private data and nude photos.  Online Buddies, Inc. was charged with failure to protect private photos of users of its ‘Jack’d’ dating application, and the nude images of approximately 1,900 users in the gay, bisexual,…

leakplumbing_863980

Venmo transaction scraped in privacy warning to consumers

A year after being called out for a feature that exposed customers’ transactions, Venmo continues to leak hundreds of millions of transactions. Independent researcher Dan Salmon was able to scrape together millions of Venmo transactions over the course of six months and warned users to set their payments to private after privacy researchers warned the…

7.7 million LabCorp patients affected by same breach that impacted Quest Diagnostics

One day after Quest Diagnostics reported that nearly 12 million of its patients were potentially affected by a malicious breach of third-party bill collection vendor American Medical Collection Agency (AMCA), fellow clinical testing firm LabCorp acknowledged that roughly 7.7 million of its customers may be affected by the same incident. Burlington, North Carolina-based LabCorp publicly…

Calif. Assembly passes CCPA amendment that would exclude employee data from protections

The California Assembly on May 29 passed AB 25, an amendment to the California Consumer Privacy Act of 2018 that would exclude employees and job applicants from the legislation’s definition of “consumer.” The proposed law, which passed unanimously 77-0-3, is now in the hands of the California Senate. Under the terms of the amendment, an…

Introducing state privacy legislation amidst national privacy law discussions

Several states recently presented and passed data privacy legislation introducing individual consumer rights as well as data breach notification rules which in some ways reflect the protections afforded by Europe’s General Data Protection Regulation (GDPR). Like their European counterparts, U.S states such as California, Hawaii, and Washington have passed or proposed laws that are designed…

Google unveils new controls for automatically deleting data after 3 or 18 months

Google on Wednesday announced an upcoming, privacy-friendly feature that will automatically delete user location history and web and app activity data after a specified period of time. The new controls will be rolled out in the coming weeks, Google revealed in a blog post authored by David Monsees, “Search” product manager, and Marlo McGriff, “Maps”…

Washington state legislature passes data breach law, but punts on privacy law

The Washington state legislature went one-for-two this month in its attempt to pass major data breach and privacy regulations. Yesterday, lawmakers unanimously passed HB 1071, which firms up and expands requirements for public breach notifications, but the state apparently has failed to approve a sweeping new state privacy law, SB 5367, after the House declined…

Next post in Government