This week: Amazon settled privacy and cybersecurity investigations with the U.S. FTC, SAS received a $3 million extortion demand and apparently Ukrainian hacktivists penetrated Russia's Skolkovo Foundation. Plus, breaches at Onix Group and Toyota and a warning about Salesforce "ghost sites."
Amazon agreed to pay $5.8 million to settle a Federal Trade Commission investigation into allegedly poor cybersecurity practices by its Ring home surveillance device subsidiary. The company is also poised to come under two decades' worth of outside reviews of a mandated data and security program.
Federal regulators are aiming to protect patient information shared on websites. It's increasingly important for healthcare sector entities to take a careful and proactive approach in how they are using website tracking and analytics technologies, said Lokker CEO and privacy expert Ian Cohen.
In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.
German prosecutors on Monday indicted four executives of insolvent commercial spyware firm FinFisher for illegally exporting their hacking tool to Turkey. The indictment comes as a European Parliament committee concluded an investigation of bloc members' use of commercial spyware.
The American Hospital Association is urging federal regulators to back off from recent guidance that treats patient IP addresses as protected health information, saying that the new rules would "reduce public access to credible health information" and create hardships for doctors and hospitals.
Five years after the effective date of the General Data Protection Regulation, the European Union privacy law - hailed as a way to protect the privacy of citizens in an increasingly digital world - continues to be marred by criticism over its lack of effectiveness and uneven implementation.
European Union lawmakers have criticized the British government's updated privacy bill over concerns that it fails to adequately protect European citizens' fundamental rights. Lawmakers also heard from the Irish data authority on the status of its pending TikTok inquiry.
The Federal Trade Commission's proposed changes to its 14-year-old Health Breach Notification Rule come at a time when some advocates say stronger consumer data privacy protections are needed. But will the FTC potentially face legal challenges to its authority to make these sweeping changes?
The Federal Trade Commission on Thursday made a few bold moves to ramp up its oversight of data privacy. They include issuing a notice of proposed amendments to its Health Breach Notification Rule and releasing a policy statement warning of heightened scrutiny over the use of biometric information.
The French data protection authority on Tuesday signaled increased concerns over the privacy impacts of generative artificial intelligence and said issues such as data scraping raise data protection questions. Data scraping by AI companies is a flashpoint in the technology's rollout.
The Federal Trade Commission has barred the developer of fertility tracking app Premom from sharing users' personal health data with third parties for advertising purposes and has fined the vendor $100,000 for alleged violations of the agency's Health Data Breach Notification Rule.
Organizations of all types have important work ahead to comply with Washington state's new My Health My Data Act, which pertains to any entity - inside or outside the state - that handles health data of consumers in the state, said Cat Kozlowski, attorney at law firm Polsinelli.
In the latest weekly update, ISMG editors discuss how the Feds have dismembered Russia's 'Snake' cyberespionage operation; the ongoing debate over privacy laws and regulations in the APAC region; and why more companies are banning the use of generative AI tool ChatGPT.
A recently proposed federal rule would prohibit healthcare organizations from disclosing to law enforcement patient information related to obtaining or providing an abortion. If enacted, it will address longstanding loopholes in healthcare privacy, said attorney Kathleen McGee.