CDP Institute

For just $160, Vice’s Motherboard team bought a SafeGraph list of a weeks’ worth of data on location and length of stay for groups of people who visited Planned Parenthood and other abortion clinics (and where they went afterward). To say this is sensitive information, given what looks like pending reversal of Roe v. Wade, is an understatement. What is safe to say is the people whose data was collected never consented to have information accrued by SafeGraph via software development kit code (SDK) data of ordinary-use apps (for weather... Read More >

The privacy implications and risks to individuals, should the US Supreme Court overturn Roe v. Wade abortion rights protection (as a document leaked this week indicates), could be huge according to legal experts – particularly since there’s no national privacy law. Not only would it put women looking to get abortions and clinicians performing abortions on the wrong side of the law, but it opens up a rat’s nest of opportunity for legal as well as backdoor data sharing and tracking of information on people and services. It would also... Read More >

While one would hope apps you share your most intimate thoughts with would respect user privacy, Mozilla’s survey of 32 popular mental health and prayer apps found exactly the opposite. In fact, 28 earned a spot Mozilla’s “Privacy Not Included” guide. These apps track, share and capitalize on users’ most intimate thoughts, harvest vast amounts of data, have dismal security, and then sell mass quantities of data to Facebook and other 3rd-party platforms. In fact, according to one of the study’s co-authors, companies are investing hundreds of millions of dollars... Read More >

The California Consumer Privacy Act (CCPA), which went into effect in 2020, is proving popular with consumers from in- and out-of-state who are exercising rights granted by the law for private right of action. In 2021, there were 145 CCPA cases, a 60% jump from the 91 filed the first year, according to a second year report by the Akin Gump Group. The new report also calls out information on how CCPA harmonizes with pre-existing US health laws, including the Health Insurance Portability and Accountability Act (HIPAA) and Health Information... Read More >

The National Institute for Access to Information and Protection of Personal Data (INAI) issued guidelines for protecting children’s personal data, including: checking how Internet connections are made, how data will be used, and means to rectify or revoke right of access.

Good privacy news out of Google this week. First, a policy expansion that allows removal of select personal data used in Search, including log-in credentials, that could risk identity theft. Second, for YouTube and Display users, a new option to limit ad types, including for parenting, dating and weight loss. And, third, beginning in July, developers will be responsible to show Android users what their apps are collecting.

None of my business, really, unless you decide to tell me. But Meta feels it’s crucial for them to know -- and they don’t mind not asking! In fact, in a joint study, non-profit newsroom The Markup and Mozilla privacy platform Rally found Meta snapping up a mass of sensitive data with its Pixel tool. Pixel helps itself to snippets of HTML code, then tracks you around the Web. This crafty tool did so with a mass of FAFSA college student aid data – regardless of whether the users had logged in.  Meanwhile, a Facebook document leak revealed that because it builds systems with open borders, it doesn't know what data it has, and can't find out!

India’s Computer Emergency Response Team (CERT-In) just set a strict new directive applicable to data centers, Virtual Private Servers (VPS), Virtual Private Networks (VPN), Cloud Service providers, crypto exchanges and others that serve as intermediaries. Effective from late June, organizations will be required to maintain logs containing specified customer data for minimum 5 years, report cyber incidents of concern to CERT within 6 hours, and to respond requests for data CERT-In may impose for “protective and preventive” reasons.

Surfshark’s research of the most popular keywords in nine categories shows just how vulnerable we are. Most dangerous popular search term for malware – “Robert De Niro” at 54.1% results of potential malware). “Kate Winslet” came in at 52.6%, and the game, Mortal Combat, at 46.5%. Scarier still for some will be to learn that sweet film “Finding Dory” cruised in at 46.7%, and even Tom Hanks came in high at 51.6%. The report shows which terms are key targets – and how to stay safer.

Privacy management company, CYTRIO research alarmingly found only a small fraction of B2B and B2C companies in full compliance with CCPA and GDPR. This despite mounting fines against those who don’t comply with the regulations – and, in California, the additional requirements that will come in 2023 when CPRA comes into effect along with a 12-month lookback.

Teens fall outside the protective bounds of COPPA, the privacy legislation that protects children up to age 13 in the U.S. Yet, the 13-17 age group is a major consumer group that’s particularly vulnerable to risks and harms – and they’re a complex group to engage with. That’s why BBB National Programs’ Center for Industry Self-Regulation has stepped up with the TeenAge Privacy Program (TAPP), designed to help businesses manage teen data responsibly.