News Alerts and Breach Report for Week of September 19, 2022
Phishing Attacks on the Rise, and Other Data Privacy Trends in Asia
A recent Kaspersky report noted that more than 11 million phishing links were blocked by its Anti-Phishing system a year in Southeast Asia, primarily in Vietnam, Indonesia and Malaysia. That rise in attacks, driven in part by the decreased security associated with more remote work, is one of four trends that JD Supra has identified as being most prominent in Asia right now. Even as phishing attacks rise, breaches are being detected more quickly. M-Trends noted the median time taken to detect a cyberattack in the Asia Pacific region dropped from 76 days to 21 days. Meanwhile on the legislative front, 70 percent of countries in the region now restrict cross-border transfer of personal data, and 10 countries now have breach notification laws in place. The region lags in enforcement action, with only two countries enforcing security requirements “visibly” and “aggressively.”
California Governor Signs New Law Protecting Children’s Privacy
Governor Gavin Newsom last week signed into law the California Age-Appropriate Design Code Act. According to the announcement, the act “requires online platforms to consider the best interest of child users and to default to privacy and safety settings that protect children’s mental and physical health and wellbeing.” Specifically, AB 2273 prohibits companies that sell online services, products or features from collecting, selling, or retaining a child’s geolocation, profiling a child user by default, or encouraging child users to provide personal information. The bill is aimed at reducing the effects of technology addiction on children. Read more here.
IAPP Reviews Proposed Changes to Federal Data Privacy Act
As Congress makes changes to the American Data Privacy and Protection Act (ADPPA), the International Association of Privacy Professionals (IAPP) has broken down key amendments. The biggest change comes in the definition of “covered entity,” which has been updated to include entities that collect, process or transfer covered data acting on behalf of government entities–only to the extent that the data processing activities directly relate to services those entities provide to the government. Previously, an unintended exemption applied to these types of processors. Other entities that are covered in new amendments include high impact social media companies, which are defined as “a covered entity that generates $3 billion or more in annual revenue, has 300 million or more monthly active users on its platform, and ‘constitutes an online product or service that is primarily used by users to access or share user-generated content.”’ Other updates to the bill include increased frequency of consumer access reporting (providing data on how many consumers request data deletion, for example) and updated considerations for consumers with disabilities. IAPP’s report can be read here.
BREACH REPORT
* * * * * * *
To read our article on South Korea’s Personal Information and Protection Commission announcement that it will levy more than $70 million in fines against Google and Meta Platforms Inc. (Facebook) over alleged privacy violations, click here.
To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.
This week our guest, Cory Simpson, Founder & CEO of Gray Space Strategies LLC, will join our host Jody Westby to discuss the relationship between privacy, cybersecurity, and national security. New episodes are generally released each week, here. They can be enjoyed on Spotify and Apple Podcasts. Don’t forget to subscribe!
Our most recently released episodes:
77 | Privacy & Cybersecurity Whistleblowers: A New Trend?
76 | Privacy Governance v. Cybersecurity Governance
75 | Cybersecurity and Cyber Insurance: Claims, Costs, and Chaos
Next week’s guest, Carlos Solari, VP of Product for SecureG, Inc., will discuss 5G availability, how an orchestrated 5G attack could occur, how to rethink the security problem with 5G, and how 5G is connected to national security.