CDP Institute

Daniel’s Law is a New Jersey regulation designed to protect law enforcement officials, including judges and police officers, by keeping personal information such as home address and phone numbers private. One of the strictest US laws, it gives officials the right to sue companies that don’t comply. Now, an overheard call between leaders, including from the Association of National Advertisers (ANA), the Consumer Data Industry Association, and the data broker Acxiom, raised alarms they might work to weaken the law.

The UK Information Commissioner’s Office (ICO) has entered into a multilateral agreement with the Global Corporation Arrangement for Privacy Enforcement (CAPE), a group of countries including the US, Australia, Canada, Mexico, Japan, Singapore, and the Republic of Korea to cooperate on governing cross-border data transfers.

Colorado’s “Act Concerning Protection of the Privacy of Individuals’ Biological Data”, is a law pending the governor’s signature. Once passed, it will mark the first law in the US specifically designed to protect collection, use and disclosure of biological (including genetic, biochemical, and physiological) data and neural (relating to central or peripheral nervous system) data. This is seen as an important area of privacy law other states are expected to put increased emphasis on.

Internet Safety Labs issued its third report on student privacy and found 78% of required or recommended school apps at high risk for privacy with 79% of the apps collecting location data and that in socioeconomically challenged areas, those schools frequently had the highest rate of unsafe apps in terms of ads.

The system automates consent management and provides a central system for managing preferences across touchpoints, enabling companies to process requests in less time and automate their workflows and data discovery.

Charmingly named Project Ghostbusters, Facebook (Meta) apparently went to great trouble to spy on competitors, including Snapchat, Amazon and YouTube for user data. This revealed in unsealed documents in California federal court, was done to gain competitive advantage and understand how users behaved on other sites – and was supported by Meta executives including CEO Mark Zuckerberg. It was done by intercepting and decrypting network traffic between user devices and company servers.

In 2021, a threat actor claimed to be selling data of 73 million AT&T customers, but the telecom demurred saying there hadn’t been a breach. Well, apparently, that was incorrect as AT&T now confirms, and highly sensitive information dating back to 2019 has been leaked on the dark web. This includes Social Security numbers, passcodes, email addresses and birth dates, and has raised concerns over risks for identity theft.

The Cybersecurity Administration of China (CAC), has published the Provisions on Promoting and Regulating the Cross-border Flow of Data (New Provisions), which eases up on select requirements for data controllers. This follows concerns that had been raised about viability of data controllers adhering to the CAC’s previous outline of obligations, so companies doing cross-border business should review changes for applicability.

When considering data care, it’s wise to check what those in the know do. Ghostery’s survey of 2,000 American consumers indicates many are lagging behind those with advertising, programming and cybersecurity expertise. So, while 52% surveyed used an adblocker, numbers for those with experience in the field went up to more than 75%. This carried over to concerns about health data and data being gathered for political reasons.

The US Federal Trade Commission (FTC) denied an application that proposed using facial recognition to ensure a person granting approval for children to use websites covered by the Children’s Online Privacy Protection Act (COPPA) is an adult. The agency will continue to consider age verification technology options to address this issue.