Privacy & Compliance | SC Media

Privacy & Compliance

antivirus

Czech authorities investigating Avast over recent data collection practices

The Czech Republic’s Office for Personal Data Protection (DPA) said in a brief statement today that it has launched a preliminary investigation into Avast Software s.r.o., following reports that the Prague-based antivirus company collected data from users of its free AV product and sold it via a separate business division. “At the moment we are…

Ringing in a new National Privacy Law?

Privacy advocates have long called for a federal privacy law and it’s coming…in the mean time, experts say complying with the CCPA will lay the groundwork for future compliance with a federal law. Like revelers packing Times Square on New Year’s Eve waiting for the ball to drop, a close teeming crowd of organizations spent the…

IllenaArmstrong

How a bill becomes a compliance ask

It takes a minute for a regulatory mandate to hit the masses. Typically, after months or even longer, of “sitting in committee,” political punting, pontificating, organizational lobbying, debating, usually lots more pontificating and punting, that a bill that may have been “sitting on Capitol Hill” (thank you, Schoolhouse Rock, you classic, you) might be signed…

Lawyers: Facebook is prepared to pay $550M to settle facial recognition lawsuit

Facebook has agreed to set aside $550 million to settle a class-action lawsuit brought by users who allege the social media company violated the Illinois Biometric Information Privacy Act (BIPA), attorneys for the plaintiffs announced on Wednesday. San Francisco Federal District Court Judge James Donato must still approve the settlement, which the lawyers claim is…

Privacy takes a hit, as storage bucket leaks cannabis dispensary POS data

A misconfigured Amazon Web Services S3 storage bucket was discovered leaking data that had been collected by a point-of-sale system used by multiple cannabis dispensaries, researchers from vpnMentor reported on Wednesday. The exposed bucket, which was found on Christmas eve and closed by Jan. 14, was found to contain more than 85,000 files. These included…

Analysis of popular apps finds rampant sharing of personal data

An analysis of 10 highly popular Android apps found what researchers are calling the “out of control” sharing of potentially sensitive information with third parties, in some cases in likely violation of Europe’s GDPR privacy regulations. The findings, which were published in a report issued by the Norwegian Consumer Council (NCC), prompted a coalition of…

California Consumer Privacy Act: Challenge and Opportunity

By David Gorbet Next year will bring a new data privacy regulation in California, and it’ll pose a big challenge — and a big opportunity — for companies in and outside of the state.  The California Consumer Privacy Act goes into effect Jan. 1. The act, considered the most comprehensive of any state privacy law, provides consumers…

Leaky Gekko Group database exposes info on hotel brands, travelers

European hotel booking platform provider Gekko Group mistakenly stored over 1 terabyte of information on a publicly configured server, exposing troves of data related to its hotel B2B clients, as well as travel agents and their customers. The majority of the exposed data was collected by Gekko brands Teldar Travel, which provides a booking system…

It’s privacy vs. innovation as Google collects data on 50 million medical patients

Google and health care provider organization Ascension have publicly confirmed a recent report that the two companies have embarked on a massive initiative to aggregate the data of roughly 50 million patients and store it on the cloud. The companies say it will improve patient care and administration, but the strategy has also sparked concern…

With election on horizon, U.K.’s Labour Party contends with DDoS attacks

The U.K. Labour Party’s digital platforms have been the target of distributed denial of service attack activity since yesterday, impeding access to the political body’s main website. The initial wave of DDoS attacks took place on Nov. 11. Multiple news reports today quoted a Labour Party spokesperson as saying that the barrage of fake traffic…

Next post in Website/Web Server Security