Any nonbank institution looking to protect against, mitigate and respond to cybersecurity threats should take advantage of the Conference of State Bank Supervisors’ (CSBS) new cybersecurity examination tool. Unveiled during the Nationwide Multistate Licensing System Annual Conference in February, the resource is designed for state regulators to use during examinations, and for organizations to self-evaluate…
Speaker Pelosi Makes Statement on Federal Data Privacy
House Speaker Nancy Pelosi issued a statement last week on the American Data Privacy and Protection Act, which has advanced out of the Energy and Commerce Committee. Pelosi commended the work of the committee, but sided with California Governor Gavin Newsom in the ongoing debate over whether the ADPPA should be allowed to preempt existing state laws, like California’s, which offer more protection. She noted: “Governor Newsom, the California Privacy Protection Agency and top state leaders have pointed out the American Data Privacy and Protection Act does not guarantee the same essential consumer protections as California’s existing privacy laws. Proudly, California leads the nation not only in innovation, but also in consumer protection. With so much innovation happening in our state, it is imperative that California continues offering and enforcing the nation’s strongest privacy rights. California’s landmark privacy laws and the new kids age-appropriate design bill, both of which received unanimous and bipartisan support in both chambers, must continue to protect Californians — and states must be allowed to address rapid changes in technology.”
Ireland’s DPC Fines Instagram
Irish regulators fined Instagram 405 million euros last week over the company’s mishandling of teenagers’ data. The complaint stems from teenage users switching their personal accounts to business accounts, which allowed them to display their contact information on their profiles and see how many likes their posts got. Allowing teenagers to be publicly associated with their contact information violates the EU’s GDPR. Meta, which owns Instagram, has vowed to fight the fine.
FTC Sues Data Broker
The Federal Trade Commission filed a lawsuit against data broker Kochava last week, alleging that the Idaho-based broker knowingly sold geolocation data, “that could be used to trace individuals to sensitive locations, such as reproductive health clinics, domestic violence shelters, and places of worship,” Health IT Security writes. The FTC stated in a press release that, “The FTC alleges that by selling data tracking people, Kochava is enabling others to identify individuals and exposing them to threats of stigma, stalking, discrimination, job loss, and even physical violence. The FTC’s lawsuit seeks to halt Kochava’s sale of sensitive geolocation data and require the company to delete the sensitive geolocation information it has collected.”
Michigan Governor Calls on Big Tech to Protect Privacy
Governor Gretchen Whitmer sent a letter last week to five of the world’s biggest tech companies—Apple, Alphabet, Amazon, Meta, and Microsoft—calling on them to take additional steps to protect sensitive personal data from being weaponized by extremists. The letter follows reports of law enforcement using Facebook to target women seeking abortions in other states: “We know the risks of someone getting access to our data. If it fell into the wrong hands, our digital footprint could tell someone where we are, who we were with, what we bought—even intimate details about our health. Without adequate protections, that data could be used to go after women seeking reproductive health care or to prosecute nurses and doctors for doing their jobs,” Whitmer said.
* * * * * * *
To read our explainer on zero party data and what you need to know as a business or consumer, click here.
To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.