CDP Institute

Uncovered a breach? The US Security and Exchange Commission is expecting your call. Their new 96-hour-reporting-window regulation has gone into effect, and companies must take care to comply. This is designed to protect investor interests and in response to increased consumer expectations for quick action, accountability and transparency when breaches take place.

Italy’s Data Protection Authority (DPA) announced it found evidence of data privacy violations by OpenAI, maker of ChatGPT due to mass collection of data used to train the algorithm. OpenAI has 30 days to respond in its defense. The stakes are high, since fines for companies that break GDPR rules can be up to 4% of the company’s global turnover. This follows an earlier ban of ChatGPT in Italy last spring, which was subsequently lifted.

The New Hampshire Privacy Act (NHPA) has been approved and sent to the governor for signature. The NHPA applies to any business or person that produces products or services for residents of the state, or controls data on New Hampshire consumers. As with other states, minimums apply and there are some exemptions. Consumer rights provided include confirmation of processing, correction, deletion, opt-out rights, and the right to reject  behavioral ad-targeting.

Cisco’s Privacy Research’s seventh annual survey of 2,600 professionals found 94% of organizations say their customers would not buy from them if they didn’t provide adequate privacy protection. Respondents also said customers like hard evidence organizations can be trusted – such as in the form of external certifications, so 98% consider those important in their buying process. Organizations also support global privacy laws, with 80% indicating legislation has had a positive impact.

This 2024 State Children’s Privacy Law Tracker map from Husch Blackwell is a useful tool to identify US children’s-related privacy legislation. JD Supra's article provides an overview of current legislation, and looks ahead to what more states are proposing.

Google is issuing warnings to website and app owners that their account could be suspended in the EU if their GDPR banners aren’t compliant within Google-assigned deadlines.

In a win for privacy advocates, now authorities will have to submit formal legal requests to the company, rather than going direct to users.

What do Argentina, Canada, Israel, New Zealand and Switzerland have in common? The European Commission has determined that they, along with Andorra, the Faroe Islands, Guernsey, the Isle of Man, Jersey and Uruguay have met EU data safeguard requirements for cross-border transfers, according to the Commission’s newly released report.  The United States didn’t make the cut.

Good if you said yes above, since Consumer Reports found as many as 7,000 companies, including LiveRamp, Acxiom, Epsilon, Home Depot and Amazon, are monitoring activities of individual Facebook users.  This to help Meta understand what you do when you’re not on the their platform – and to enable them to target you with ads. Out of more than 700 participants who volunteered to have their data looked at, on average each had their data sent to Facebook by more than 2,200 companies.

Oregon’s data broker law has gone into effect, making it the fourth state after Vermont, California and Texas, to have special requirements for the data broker industry. This and the recently passed Texas law require data brokers to register with the state – and businesses that process data they’ve not collected directly from individual subjects should check the laws to see if they’re covered.

ISACA, a global association focused on security, governance, risk and privacy education surveyed more than 1,300 data privacy professionals on how their company was handling staffing and support for privacy. Key findings were that demand for technical roles is likely to increase, board prioritization of privacy is expected to hold steady, though more than half surveyed expected privacy budgets to decrease this year. Also consistent with last year is expert-level privacy professionals are the most difficult to hire.

Meta’s big. Kids are small, powerless, and okay to take advantage of, seems to be a foundational way of thinking at Meta from CEO Mark Zuckerberg at the top down through the ranks if new reports are to be believed. Redacted historical documents just unsealed in a New Mexico lawsuit showed that young users were being marketed to intentionally and inappropriately – and, much worse, that people at Meta knew there was a massive volume of sexually explicit content being shared between adults and young people, but repeated warnings and... Read More >