Title search:

pnewsletter header.png

Privacy legislation is in the news 

Hold onto your seats, there's a lot to report! New U.S. and EU legislation, multiple large scale breaches, and reports on key growth areas to watch. Also, I've been listening to the audiobook, The Twenty-Six Words That Created the Internet, and that legislation's in this week's news too. 

--Susan Raab, Editor

Send us your news & comments

Cyberattacks and tracing app concerns are key drivers for new health policy

Emergency U.S. legislation proposed for healthcare privacy protection

Looking to safeguard data not protected by the Health Insurance Portability and Accountability Act (HIPAA), Democrats in the U.S. House and Senate reintroduced the Public Health Emergency Privacy Act that was first proposed last spring. It is meant to address security issues related to COVID-19 response. 

Read More 

Data of more than 30M Americans was sold to fraudsters

Epsilon to pay $150M in settlement with U.S. Department of Justice

As part of a remediation agreement, Epsilon will pay a total of $150M including $127.5M in compensation victims of fraud schemes resulting from sale of Epsilon data. The company had used data modeling to build and sell lists of customers, many elderly, deemed most likely to respond to marketing solicitation.  

Read More 

21 Virginia flag.jpeg


Virginia is now the second U.S. state to pass a comprehensive data privacy law. The Virginia Consumer Data Protection Act (VCDPA) provides consumers the right to know what data is being collected, to opt-out of collection and to refuse use of their information for targeting, profiling, or for sale. However, it does not give consumers private right of action, a choice that eased passage and may make it a model for other legislation.

Read More

Cisco reports privacy a top global priority; average annual budgets doubled

Cisco's survey of more than 4,700 security professionals from 25 countries found the average privacy budget doubled from $1.2M last year to $2.4M this year. This was true for organizations of different sizes. Additionally, 93% said privacy teams played a significant role in helping to manage corporate changes caused by the pandemic. Seventy-nine percent viewed the world's developing privacy laws as having a positive impact. 

Read More

21 Cisco privacy spend survey.jpg

Council of Europe issues guidelines on biometric facial recognition for business and governments

Warning that use of facial recognition technology poses a risk to individual privacy and can negatively affect human dignity and rights, the Council specified that it should only be employed on an appropriate legal basis. They said it should not be used in uncontrolled environments; in ways that may promote racial, sexual or religious discrimination; or to determine personality traits, sentiments, or personal mental health. 

Read More 

Consumer Reports Study uses authorized agents, but still finds big opt-out challenges

In a clear demonstration of how difficult it can be for consumers to exercise their privacy rights, Consumer Reports found that even trained agents could not get many requests done successfully. Utilizing California's "authorized agent" provision, 124 Consumer Reports agents reached out to 21 companies, including Airbnb, Amazon, Comcast, Home Depot and Starbucks to use Data Subject Access Requests (DSAR) and other company privacy preference mechanisms to make account changes. 

What they found were: 1) some companies claimed the opt-out didn't apply to them, 2) some added steps to the opt-out process or only partially complied, 3) and while 57% ultimately confirmed they stopped selling all or some data in response, 24% claimed not to sell data and 14% never confirmed that opt-outs had been processed.

Read More

U.S. SAFE TECH Act would be a game changer for internet accountability and advertising

A new bill introduced by Senate Democrats proposes to change Section 230, core U.S. legislation that shields social media and Internet providers from liability for publishing false or misleading information and from responsibility for the user content they publish. Section 230, which the New York Times quoted President Biden as saying should be "immediately revoked," gives the Internet companies unique immunity not granted to publishers or other media. The SAFE TECH Act would make an exception "when the provider or user has accepted payment to make the speech available," which would impact not only advertising but other kinds of paid services, including for premium web hosting. On the upside, the change would require more accountability from companies and would provide recourse to victims of cyberstalking and Internet harassment. 

Read More

Note: I'm currently reading Jeff Kossoff's excellent book, The Twenty-Six Words That Created the Internet, about Section 230 and its history.

In Brief: 

Triple Blind has new HIPAA-compliant clean room solution for healthcare market: Company offers a full suite of privacy tools and is also working with the Mayo Clinic to train algorithms on encrypted data to effect compliance and legal processing around shared data. Read More

Washington State unemployment records compromised in a breach: Records of 1.6M exposed, including Social Security numbers and banking data. Read More

Entrust privacy survey finds people think they are proactive, but often they're not: Of 1,000 people in the US and UK, 82% reported they maintain moderate data privacy.  But in practice 83% are somewhat comfortable sharing biometric data and 64% say they would consider trading data for more personalization and convenience.  Read More

Clearview AI back in the news, accused of violating Canadian privacy laws: The company disputes the charges but Canada's privacy watchdog plans to proceed with actions if Clearview doesn't cease collecting biometric data on citizens and delete all previously collected. Read More

CDP Institute News:

CDPI Slack channel --Join us to talk about privacy and martech.

CDPI Privacy Glossary - HIPAA, VCDPA

Share: https://www.cdpinstitute.org/newsletter/Blog1416/02-09-21-Privacy-Newsletter

The CDP Institute educates marketers about the issues, methods, and technology used to manage customer data, with a special focus on Customer Data Platforms. Join the CDP Institute for free access to valuable information and insights.


Join Now

© 2021 CDP Institute. Privacy Policy | Terms of Use