Consumer software providers will soon have the option to label their software as compliant with National Institute of Standards and Technology (NIST) standards for software security. On November 1, 2021, NIST published its initial draft of this standard in a white paper titled “DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling” (the White Paper). The…
Privacy Experts Voice Concern Over FTC’s Data Privacy Agenda
The Federal Trade Commission (FTC) last week announced its intent to create and enforce new rules governing commercial surveillance, a term the FTC is using to describe the far-reaching ways that businesses collect and use consumer data. But privacy advocates are concerned with this approach. TechTarget cites experts like Ashley Johnson, senior policy analyst at the Information Technology and Innovation Foundation. Johnson says the FTC isn’t the right entity to make these rules because the agency’s rules are more changeable than laws passed by Congress. “Every time the rules change, businesses would potentially have to completely overhaul their compliance efforts, and that would be very expensive and very complicated,” she said. Meanwhile, Jessica Rich, former director of the FTC’s Bureau of Consumer Protection, said at an International Association of Privacy Professionals event last week that the FTC’s rules proposal “doesn’t look serious,” and called the lack of focus “striking.”
States Continue to Push Back on Federal Data Privacy Bill
Ten state attorneys general have signed a letter petitioning for amendments to the American Data Privacy and Protection Act (ADPPA). The letter, which was sent last month, specifically asks that the ADPPA not preempt state data privacy laws. California Governor Gavin Newsom also sent a letter at the same time requesting California’s data privacy laws take precedence over the ADPPA in California. And last week, the California Privacy Protection Agency (CPPA) sent a letter to House Speaker Nancy Pelosi and Minority Leader Kevin McCarthy opposing the preemption clause in the ADPPA. The opposition to ADPPA could stop its passage. Politico reports that even if the bill does leave the House, “it could face tough opposition in the Senate. Sen. Maria Cantwell (D-Wash.), who chairs the Senate Commerce Committee, is not backing the bill. Without her support, it’s unlikely to pass.”
Study Estimates Improving Privacy Practices Can Drive up Revenue
A new survey from privacy technology company TripleBlind found that 94 percent of chief data officers (CDOs) working in healthcare and financial services estimated that deploying data privacy technology to comply with data privacy regulations would increase revenue for their organizations. That doesn’t mean data protection technology is a hole-in-one solution, however. Betanews notes that according to the survey, “64 percent of respondents are concerned that employees at organizations with which they are collaborating will use data in a way not authorized in signed legal agreements.” And nearly as many respondents are concerned that these third parties will manipulate or use sensitive data in a way that violates HIPAA and other data privacy regulations.
- Novant Health
- Florida EMS
- Practice Resources LLC
- DESFA (Greek natural gas operator)
- Brasseler USA
- NAF, Inc.
- Texas Meter & Device Company
* * * * * * *
David Navetta, vice chair of Cooley LLP’s cyber/data/privacy practice and a prominent leader in privacy, information security and technology law, also joins Jody Westby on our Privacy and Cybersecurity podcast, released today, to discuss the differences between cybersecurity governance and privacy governance, which activities are critical in privacy governance, which actions are hardest for organizations to implement, and how privacy governance will evolve in the future. Our podcasts are released weekly (usually Thursdays, schedule permitting) and can also be enjoyed on Spotify and Apple Podcasts.