CDP Institute

Slovenia, the last EU country to formally adopt GDPR, has put its Personal Data Privacy Protection Act (ZVOP-2) into effect. The law includes rules for transmission of personal data, video surveillance, regulation of biometrics and personal data collection, and legal basis for imposing sanctions under GDPR.

In the latest Whack-a-Mole privacy exposure reveal at Twitter, a former-employee whistleblower has told the US Justice Department, the Federal Trade Commission and members of Congress that as many as 4,000 Twitter engineers could have accessed user data, including after Musk’s takeover via a function nicknamed “GodMode.” Twitter, again having recently gutted its compliance and communications teams, had no comment.

Heads up! California’s Attorney General just issued warning of an investigative sweep targeting mobile apps, particularly in retail, travel and food service industries that fail to comply with the California Consumer Privacy Act (CCPA). Letters were sent to businesses that may fail to provide consumers opt-out mechanisms or fail to honor consumer opt-out and deletion requests.

The Optimove 2023 Consumer Trust of Retailers Survey of US consumers found more than half don’t trust brand handling of personal information, and 77% unsubscribe from brands when they feel information is misused. Interestingly, 64% of the 406 surveyed said they are loyal to and shop at brands they don’t trust – and indicated the most important action a brand can take to change that is, according to 56%, to have a policy that it won’t share personal information.

Digital Infrastructure for Knowledge (Diksha), a key public education tool operated by India’s Ministry of Education and used by millions of Indian students particularly during the pandemic, had its data left unprotected on a Microsoft Azure cloud server for more than a year. Wired, which has verified the story, reported this left the data searchable via a simple Google search.

Expectations are more vendors may follow.

The company has claimed data was “limited,” since it didn’t include payment card data.

T-Mobile informed US regulators that a bad actor gained access to data on roughly a third of the company’s 110 million customers. The breach, which was active for approximately six weeks before being discovered and then shut down within 24 hours, reportedly did not access the most sensitive data, such as financial data. Customers were informed that hackers did not gain access to full data sets, though information compromised can still be useful for hackers for phishing and identity theft.

ProPublica found that nine of eleven online pharmacies selling abortion pills used web trackers that share sensitive data with Google. This can put customers at risk since data could be shared with law enforcement. The 9: Abortion Ease, BestAbortionPill.com, PrivacyPillRX, PillsOnlineRX, Secure Abortion Pills, AbortionRx, Generic Abortion Pills, Abortion Privacy and Online Abortion Pill Rx; collect web addresses visited; click, location and search data; and information on devices being used.

Meet DORA, the EU’s newly enacted Digital Operational Resilience Act, which is designed to strengthen IT security in the financial sector. It will be de rigueur for financial institutions; including banks, credit providers, securities and trading companies, and information and communication technology (ICT) organizations. DORA comes into full force in 2025, by which time companies and organizations should be compliant.

A new Surfshark study shows a big year-over-year decrease in data breaches in 2022 as compared with 2021. According to the report, 310,855,487 accounts were leaked worldwide last year, which is down from 959,327,963 in 2021. Russia had the highest breach density at 104.8 million Russian accounts leaked, 3x the number they had in 2021.

Firefox’s survey of parents in the US, Canada, UK, France, and Germany found that while parents are largely comfortable with the amount of time their children spend on the internet, more than half are concerned about data tracking and the role of big tech. US parents expressed the greatest concern about data tracking (69%) and came in highest, at 51%, in using parental controls, as compared with France, which came in at 39%. When asked if they “somewhat to strongly agree tech companies have their children’s best Interests in mind,”... Read More >