CDP Institute

Cost can be as low as $100 a month, making it accessible for small and large businesses.

The EU Commission has named 17 companies and 2 search engines to its Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) lists for Digital Services Act (DSA) regulation. This includes Alibaba, Amazon, Facebook, and TikTok (VLOPs), and Bing and Google Search (VLOSEs), which will now have four months to comply with new obligations to be regulated by the DSA.

KrebsOnSecurity site reports that Salesforce Community public websites may be leaking data from organizations including banks, healthcare and government. This comes two years after a researcher first identified risk from misconfiguration in the Salesforce sites that allowed for exploitation. Now, according to KrebsOnSecurity, leaks are happening widely – and despite organizations being notified, most have not addressed the problem.

Indiana is the 7th US state to pass a privacy law. The Indiana Consumer Data Protection Law includes protection of the right to know, correct, and delete. It will go into effect in 2026. Montana and Tennessee's legislatures have both approved privacy bills that may come into effect sooner. Montana’s governor requested amending the Montana Consumer Data Privacy Act to ban not just TikTok but also other social media sites perceived as from foreign adversaries. With Tennessee, the Information Protection Act is business-friendly and weaker than privacy laws in the first states, California, Colorado, Connecticut, Iowa, Utah, and Virginia.

The Protecting Kids on Social Media Act is a bipartisan proposal that harkens back to earlier legislation designed to shield children from “indecent” ads or solicitation, and to keep them from hearing “obscene” language on television and radio. The proposal also comes as US states increasingly come up with their own legislation to restrict children, as in the case of Utah, which is requiring parental consent for social media account creation and Montana, which proposes to block ad targeting, selling kids’ data, and social media use without consent.

Italian users age 13+ are only allowed to use the AI chatbot with parental consent, and anyone 18+ must confirm age.

More than 60 million sites use Google’s fonts, which are free. Now, an investigation has found data from site users is being harvested and sold. Data collected via fonts includes IP addresses and browsing history, which Google then cross-references with other data it holds and sells to advertisers and marketers.

Legal and compliance teams in healthcare are advising pullbacks from mass data collection and data use pending a clearer understanding the impacts of new regulation and recent actions by government agencies, particularly the Federal Trade Commission (FTC).  This follows the FTC imposing fines of $1.5 million on online pharma company GoodRX and $1.8 million on online therapy provider BetterHelp.

Vietnam’s Personal Data Protection Degree (PDPD) will come into effect July 1.  The government has published the outline of obligations for compliance by foreign agencies, organizations and individuals, as well as for Vietnamese organizations operating abroad.  The PDPD includes stipulations on data subject rights, including the right to be informed, consent, data access, and data portability.

The digital password, first used at MIT in 1961, is 62 years old, and according to many experts no longer serves critical security needs businesses have. The 2023 State of Passwordless Security Report, based on interviews Vanson Bourne conducted with 1,000 IT security professionals from EMEA, APAC, and US companies, indicates 88% had cyberattacks in the last year. Phishing (43%) was the most prevalent form and 28% were by push notification attacks (aka multi-factor authentication fatigue attacks -- MFA bombs).

The Egyptian government, which in 2020 switched away from using the US College Board exam due to that company’s concern about security issues, established its own exam and in 2022 partnered with UK-based Academic Assessment Ltd. Human Rights Watch reports that now that vast amounts of personal data of tens of thousands of children who took that test was exposed for months. This puts the children at great risk, as anyone with an internet connection could find where they live, go to school, and if they have mental health or... Read More >

Regulators want to verify whether OpenAI, owner of ChatGPC sufficiently protects personal data compliant with EU law.