CDP Institute

Implode. Collapse. Scrap. Near-fatal blow. Hate when this happens for privacy…. In an 11th-hour about-face, the US House Energy and Commerce Committee triggered by GOP House leadership resistance, cancelled major markups for the American Privacy Rights Act and the Kids Online Safety Act – prompted use of these sad words and more. The bills had been moving ahead with bipartisan support. Now, it’s virtually ensured neither bill can be agreed on this year. Way to go, privacy adversaries!

If you’re a U.S. business, it’s virtually certain, according to the ISMS.Online State of Information Security report which found 100% of their survey respondents in the US reporting they’d been fined for data breaches or violation of data protection rules. The survey, which polled 1,500 security professionals from the US, as well as the UK and Australia found 38% of respondents said managing third-party and vendor risk was their biggest challenge. Managing compliance come in a close second at 33%.

When sea sponges are violating privacy, it’s bad! California’s Attorney General has agreed to a settlement with Tilting Point Media LLC following an investigation into their mobile game, “SpongeBob: Krusty Cook-Off” that found it violated the California Consumer Privacy Act (CCPA) and the Children’s Online Privacy Protection Act (COPPA). This because the company used an age screen that didn’t ask for age in a “neutral manner,” so encouraged children to enter an older age. The company will pay $500,000 in civil penalties and will be prohibited from selling and sharing... Read More >

Possible you can opt out depending on where you live, but not much protection for US users (who don’t have federal privacy protection – see above).

The attack impacted about 200 federal and regional government agencies.

Apple, which only three months ago received a 1.8 billion euro (US$1.9 billion) fine from the EU related to music streaming access, has been told its App Store is breaching digital competition rules and the fine could be up to 10% of its $383 billion annual global revenue if it repeats the offense. This is the first time a company has been accused of breaching the Digital Markets Act, which is aimed at curbing the power of Big Tech.

The suit, which combined complaints from across the US was brought against Clearview for mass collection of facial images to create a database that other companies used for marketing. The case is unique in giving plaintiffs a share of the company’s potential value, which could amount to more than $50 million. Concern is that this does not stop Clearview from harvesting and selling images or using it to train AI.

The US Office for Civil Rights (OCR) issued a Final Rule amending the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) and that goes into effect this month. This was instituted by the Federal government in response to the Supreme Court’s Dobbs v. Jackson ruling to not protect abortion rights and is designed to protect individual privacy and the integrity of the provider-patient relationship.

A US Department of Justice (DOJ) plan to address allegations that claimed TikTok misled US consumers about data security, has changed to instead pursue a lawsuit charging the company with children’s privacy violations.

Reason is the leads provided did not grant permission to have the data collected, stored or used.

The organization, which provides underserved young Africans with digital opportunities, released the information with pre-action notice to government organizations.

Bowing to business-interest pressure, Vermont Governor Phil Scott ensured his state wouldn’t be the 18th in the US to pass a privacy bill that was within inches of becoming an admirable, groundbreaking piece of legislation. Apparently, the prospect of Vermonters being able to sue large tech companies for misuse of private information was unacceptable to Scott, and the fact the bill passed in the state’s House and Senate was immaterial.