News Alerts and Breach Report for Week of October 9, 2023
Blackbaud Settles With U.S. Attorneys General
Fifty state attorneys general have settled with software company Blackbaud over the company’s inadequate data security practices and slow response to a 2020 ransomware incident that exposed the personal information of millions of consumers, including contact information, Social Security numbers, and financial records. The settlement requires Blackbaud pay a $49.5 million fine, to be distributed across 50 states—and commit to improving its data security and breach notification procedures, undergo third-party compliance assessments over a seven-year period, and enhance employee training, encryption, and dark web monitoring.
ICO: Snapchat AI Poses Risk to Children
The U.K.’s Information Commissioner's Office (ICO) has warned Snapchat that it may force the tech company to cease operation of its AI features, following an investigation where ICO found Snapchat’s generative AI features could create privacy concerns for minors. According to the BBC, ICO’s “code contains 15 standards that online services need to follow. This ensures they are complying with their obligations under data protection law to protect children's data online. The data watchdog stressed its findings are not final and it has not concluded that the company breached any data protection laws. The ICO said that if a final enforcement notice was to be adopted, Snap might not be able to offer the My AI function to UK users until the company carries out "an adequate risk assessment.”
Zendesk Expands Privacy Features
Customer experience solutions provider Zendesk last week unveiled improvements to its generative AI features, including an Advanced Data Privacy and Protection solution, which according to Diginomica, allows businesses to have greater control and flexibility over how they manage their customer data. Capabilities include enhanced encryption, which includes private keys and administrative control over key rotation and revocation. It also allows CX teams to redact email and shipping addresses, set retention duration and deletion timelines, and transparency into search longs to create more visibility into who interacts with data.
The Chinese Government Loosens Data Transfer Restrictions
The Cyberspace Administration of China (CAC) has issued draft regulations regarding cross-border data transfers, notably naming exemptions which can be read here.
BREACH REPORT:
* * * * * *
Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!
Our most recently released episodes:
100 | Looking at Cyber Risk Management: the Perspective Across the Pond
Guest: Dr. Peter Trim, Reader of Marketing and Security Management at the University of London’s Birkbeck Business School.
99 | The Power of Choice for Authentication
Guest: Sabrina Gross, regional director of strategic partners at Veridas.
98 | The Importance of Digital Asset Inventories in Incident Response
Guest: Ken Westin, Field CISO for Panther Labs.
97 | The Race Between AI and Laws
Guest: Scott Giordano, former vice president and general counsel for Spirion
To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.
