News Alerts and Breach Report for Week of March 6, 2023
Congress Holds Data Privacy Hearing
The Congressional Subcommittee on Innovation, Data, and Commerce held a hearing last week to discuss the American Data Privacy and Protection Act (ADPPA). Titled, “Promoting US Innovation and Individual Liberty through a National Standard for Data Privacy,” the hearing—according to Cobun Zweifel-Keegan, managing director in Washington, D.C. for the International Association of Privacy Professionals (IAPP)—was a fresh start, and a way to set the table for passage of national privacy legislation. “There are a lot of voices on the hill and in the community that really want to carry that momentum forward,” Keegan said. “I think it’s just going to be a question of whether all of the right stakeholders can get involved.” Some of those key stakeholders can include working groups like the Computer & Communications Industry Association, which filed comments—about the intersection of data privacy, equity, and civil rights—with the Commerce Department’s National Telecommunications and Information Administration (NTIA) last week.
Hong Kong Eyes Data Privacy This Year
This could be the year that Hong Kong finishes revising its Personal Data (Privacy) Ordinance (Cap.486) (the PDPO). Efforts have been underway since 2020, when the Constitutional and Mainland Affairs Bureau published a discussion paper seeking opinions on revisions from the Legislative Council’s Panel on Constitutional Affairs. Now, per Data Protection Report, the Privacy Commissioner for Personal Data (the PCPD), is working with the government to review the PDPO and draft concrete amendments. PRoposed amendments at this stage would include: “establishing a mandatory data breach notification mechanism, requiring formulation of a data retention policy, empowering the Privacy Commissioner to impose administrative fines, and introducing direct regulation of data processors.”
FTC Proposes Settlement With BetterHelp Over Data Privacy
According to a Federal Trade Commission(FTC) press release, telehealth company BetterHelp repeatedly pushed people to reveal sensitive health information, which it promised to keep private via statements like: “Rest assured – any information provided in this questionnaire will stay private between you and your counselor.” But the FTC says in its opinion that BetterHelp did anything but keep its promises to consumers, and in fact shared consumers information with major advertising platforms including Facebook, Snapchat, Criteo, and Pinterest. At one point, the complaint says, BetterHelp went so far as to hand over the IP addresses and email addresses of 5.6 million former users in order to target them with BetterHelp ads. The eight-count complaint details BetterHelp’s allegedly deceptive and unfair practices and the way that the FTC says they harmed consumers. A proposed fine of $7.8 million will be used to provide partial refunds to people who signed up for and paid for BetterHelp’s services between August 1, 2017, and December 31, 2020. This incident should serve as yet another reminder that the FTC is taking data privacy very seriously.
Breach Report:
* * * * * * *
To read our latest article, Practical Guidance: The Technical Side of Compliance, click here.
Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!
Our most recently released episodes:
87 | Artificial Intelligence & Chatbots…Helpful or Harmful? (With guest Heather West)
86 | Using Tools to Help Manage Incident Response (With guest Lauren Wallace)
85 | How Incident Response Has Changed (With guest Violet Sullivan)
To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.