CDP Institute

The Video Privacy Protection Act (VPPA), passed in 1988 to protect personal data of Blockbuster and VHS rental customers, has recently been used in suits against streaming services including Hulu, AMC and ESPN. Now, a federal class action suit out of New York accuses HBO of violating the VPPA because it shares customer lists with Facebook, which can subsequently use the HBO data and Facebook’s profile data to ascertain customer viewing habits.

Wyoming’s Genetic Data Privacy Act has been signed into law and will go into effect July 1st. Businesses in the state that collect genetic data must be transparent with individuals about collection, use and disclosure; and must obtain express consent before collecting the data. The state’s Attorney General can levy penalties of up to $2,500 for violation.

The rapidly evolving war between Russia and Ukraine has moved us into uncharted digital waters with complicated alliances and offensive and defensive actions being taken on both sides. Risks are exacerbated by many factors, including that governments, businesses, cybergroups and individuals are quickly taking sides, bring their own agenda and tactics, and most critically, that there’s no clear oversight or way to assess what the consequences may be.

A new trends report from privacy company DataGrail shows how much impact the California Consumer Privacy Act (CCPA) has had in just one year, including in other states. Consumers are exercising their CCPA Data Subject Rights (DSR) to access their data, delete their data, and stop the sale of their information to third-parties. As a result, costs are rising for business in staffing and processing to keep up.

IDology’s 4th annual digital identity study found 61% of were “very” to “extremely” worried personal information is vulnerable to criminals, and 70% think companies capture their data without their knowledge. So, most would support passage of legislation similar to CCPA.

The acceleration of digital due to COVID-19 has taken many forms, and a major area of cyber concern is the intricate interconnection of traditional Internet Cloud data with many new “Smart” devices, grids, operations and overall systems. This includes input from many sectors – healthcare, industry, food & other supply chains, and many forms of infrastructure. Holistically, they are referred to as the Extended IoT (XIoT). A report from industrial cybersecurity firm, Claroty, looks at the rapidly evolving situation, key vulnerabilities, and why hackers’ ability to bypass the need for user action has opened the door for unauthenticated attackers to gain a network foothold and then move laterally—and quietly through a network to launch ransomware or perform other harms.

The Children’s Advertising Review Unit (CARU – a children’s safety program of the US Better Business Bureau) reports that TickTalk Tech failed to meet COPPA requirements, as it didn’t provide clear, non-confusing notice of information it collects on children and it doesn’t notify parents of practices as required by COPPA.

The suit filed late 2020 on behalf of a 12-year-old, accuses TikTok of processing children’s data unlawfully. It seeks damages on behalf of millions of children and the claimant is being sponsored by the former Children’s Commissioner for England, Anne Longfield.