NAAG Launches Cybersecurity Resource Center

Last week the National Association of Attorneys General (NAAG) announced a new initiative focused on cybersecurity. The NAAG Center on Cyber and Technology (CyTech) joins other NAAG centers focused on key public interests, and will focus on developing resources to help state attorneys general understand the technical aspects of the evolving cybersecurity landscape. The center will also develop resources that will help AGs conduct cybercrime investigations and prosecutions, and resources to aid AGs in ensuring resilient and secure infrastructure. CyTech will be led by Faisal Sheikh, and according to JD Supra, have the following objectives: “Serve as an information clearinghouse for state attorneys general on trending issues; Create a practice-based community to share information; Foster strategic partnership with other government agencies, academics, nonprofits, and the private sector; Develop a “tech boot camp” and “introductory/101” trainings on technology topics; and Create funding pathways for attorney general staff to attend key industry conferences and seek appropriate accreditations.”

FTC Cracks Down on Student Data Privacy

The Federal Trade Commission (FTC) released a policy statement last week outlining its new regulations for education technology companies. The FTC’s post on the policy statement noted that “it is against the law for companies to force parents and schools to surrender their children’s privacy rights in order to do schoolwork online or attend class remotely. Under the Children’s Online Privacy Protection Act, companies cannot deny children access to educational technologies when their parents or school refuse to sign up for commercial surveillance.” The post further notes that ed tech providers must comply fully with the COPPA Rule, which prohibits mandatory data collection from children, prohibits using children’s data for purposes other than those stated at collection, limits retention, and requires ed tech companies to have cybersecurity protections in place.

SEC Vows to Step up Cybersecurity Disclosure Enforcement

The Security and Exchange Commission laid out its regulatory agenda last week at the Securities Enforcement Forum West 2022. According to JD Supra, “Recent enforcement actions have made clear that a company may not publicly characterize cybersecurity risk in a hypothetical way when the company already has information that the risk has manifested. See, e.g., Yahoo!, Pearson.” In addition, SEC officials, citing Yahoo!, explained it is “critical” that public companies maintain adequate internal controls to bridge the gap between the information security team and those responsible for assessing the company’s disclosure obligations (e.g., attorneys and outside auditors).”

Data Summit 2022: What Organizations Need to Know About Data Privacy

Privacy Expert Jeff Jockish spoke at last week’s Data Summit 2022 in Boston. He spoke on a range of topics relevant to data privacy, including what businesses are getting wrong and right about data privacy. He advised that organizations adhere to eight key data privacy principles: Collection Limitation; Data Quality (accurate data is key); Purpose Specification (be clear upfront about what data is going to be used for); Use Limitations (only use data for necessary purposes); Security Safeguards (safety protocols are a must); Openness (privacy/consent notices must be clear and public); Individual Participation (data subjects must be allowed to see, correct, and delete data), and; Accountability (for data safety). Read more about these principles here.

BREACH REPORT

• Omnicell, Inc.
• Dis-Chem
• AvosLocker
• Brown Brothers Harriman & Co

* * * * * * *

Jeff Jockish also joins us this week on our Podcast to discuss the Data Collaboration Alliance. Our Podcasts are released every Thursday, here. They can also be enjoyed on Spotify and Apple Podcasts.

To read our coverage on Alvaro Bedoya, the new Commissioner of the Federal Trade Commission, click here.

To read our coverage on the California Age Appropriate Design Code Bill (AB 2273), which requires companies to consider the privacy and protection of children in the design of digital products and services click here.

To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.