CDP Institute

Australia’s Attorney-General has said the government will make “urgent reforms” to the country’s Privacy Act following the Optus breach, where the company was blamed for lax security, resulting in the theft of nearly 10 million customer records. Resulting fines for that could reach as high as 2 million Australian dollars ($1.3 million). Certainly, it has put increased pressure on the government, which has been in process reviewing its privacy laws for several years, and now stated it may move on this within the next month.

The Office of the Privacy Commissioner for Personal Data in Hong Kong plans to launch a compliance review following a data breach that may have impacted 290,000 Shangri-La hotel group customers. Concern is that customers were not notified until more than two months that a breach potentially affecting their data had occurred.

There are two important new laws in California. The first, related to AB-1242, is designed to protect companies from having to respond to out-of-state search warrants that look to obtain abortion data. This will be relevant to the many internet and telecommunications based in the state and is part of a move to establish California as a sanctuary for abortion seekers. The second, AB 2089, is meant to protect patient mental health data not covered by the Health Insurance Portability and Accountability Act (HIPAA), particularly via the 20,000 or more online apps offering services based on probable diagnoses. Many harvest and then sell sensitive data that patients provide, but this would no longer be allowed.

IAB’s Global Privacy Platform (GPP), which enables user consent signals to be communicated through the digital supply chain, is finalized and ready for industry adoption. This is a major development for ad tech companies and was developed with input from companies throughout the ad ecosystem. Specifically, the GPP provides details on privacy signals – including standard data types used for encoding privacy strings and standard mechanisms for senders and receivers of those strings. Right now, this includes information for US Privacy and IAB Europe TCF consent strings, but IAB has... Read More >

The U.K.’s Information Commissioner’s Office (ICO) have issued a Notice of Intent, covering a period between 2018-2020, to Chinese-owned TikTok, which means a likely significant fine. In this case that could be as high as £27 million ($29 million), depending on determinations about violation of privacy regulation. TikTok may have committed multiple infractions, including processing data of underage children without parental consent, accessing specially protected information on race or ethnicity, and collecting biometric data without legitimate cause to do so. Depending on the regulator’s determination, cost could be quite high.

This second, “Results About You” option has begun appearing in the Google app for Android.

This draft is expected to include expanded protections for European and American citizens, including on how US security agencies can access and use their data.

Then, operators judge their work. Sorry, not liking the sound of this…