News Alerts and Breach Report for Week of August 15, 2022
FTC Announces New Data Privacy Rules
In a statement released August 11, FTC Chair Lina Khan announced an Advance Notice of Proposed Rulemaking for new rules on commercial surveillance. Khan said, “The growing digitization of our economy—coupled with business models that can incentivize endless hoovering up of sensitive user data and a vast expansion of how this data is used—means that potentially unlawful practices may be prevalent.” The FTC’s announcement notes public health concerns around commercial surveillance, especially when it is used to create services that may be addictive to children and harmful to mental health. Further, the FTC notes concern that the algorithms tech companies use to gather and analyze data are prone to bias and inaccuracies, which could lead to discrimination based on race, gender, and age. The announcement notes that the FTC Act, which the FTC has used thus far to protect sensitive consumer data, lacks teeth because it lacks the ability to levy financial penalties. The FTC is seeking public comment on rules that would enhance its enforcement powers. Comments are due by early October, 60 days after the Advance Notice of Proposed Rulemaking was announced.
Security Researcher Releases Email Spamming Tool
Troy Hunt, the security researcher responsible for the Have I Been Pwned website, which allows internet users to check if their credentials have been compromised in a breach, has released a new tool to dupe scammers. Password Purgatory is an API that invites email spammers to make an account to “truly empower real-time experiences,” then leads them through an endless gauntlet of password creation. The catch is that there’s no possible way to meet all of the password requirements, meaning would-be scammers eventually give up after wasting some time trying. It’s probably not an effective solution for combating the insidious and far-reaching effects of email phishing, but it is funny.
Data Privacy Advancing in Africa
According to Mondaq, companies across industries have identified a swath of African countries as growth markets: “Tech companies, consumer packaged goods manufacturers, and retailers have focused on Africa as a growth market for their products and services as user adoption in the United States and European Union has flattened. As a result, and in the wake of the European Union’s General Data Protection Regulation (“GDPR”), many African countries have heeded the call for data protection laws.” At least 33 African countries currently have some sort of data privacy law, and many of those laws share some similarities with the EU’s GDPR and California’s CPRA. Organizations doing business with African countries or looking to expand to this growth market should review individual laws here, and stay tuned for ADCG’s comprehensive privacy guide for African countries.
BREACH REPORT:
* * * * * * *
To read our coverage of the New York State Department of Financial Services (NYDFS) request for public comment on its proposed amendments to the Cybersecurity Requirements for Financial Services Companies (Part 500), click here.
To read our coverage of the New York State Supreme Court’s Appellate Division issuing a joint order requiring attorneys who are newly admitted to the New York State Bar to complete cybersecurity continuing legal education, click here.