Update and note: After this post appeared and was posted on Mastodon, some people complained about the original headline, characterizing it as “clickbait.” That was not my intention. I was just trying to accurately describe what I saw as the most noteworthy part of the situation without mentioning either CSAM or CP in the headline…
Category: Federal
Breach Victims Have Standing When Data Misused, 1st Circuit Says
Christopher Brown reports: A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said. Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the…
FTC Says Genetic Testing Company 1Health Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy
The Federal Trade Commission charged that the genetic testing firm 1Health.io left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected. As part of a proposed settlement with the…
Banks, Institutions Pay Over N200m Fines for Exposing Privacy Rights of Nigerians
Victor Enengedi reports: A total sum exceeding N200 million has been collected by the Federal Government from at least seven banks and various other institutions. The Federal Government collected these payments from these financial institutions as a consequence of their infringement upon the data privacy rights of Nigerian citizens. Read more at Legit. (If I’m…
Rural hospital cybersecurity protection bill moves forward
Noah Schwartz reports: The Rural Hospital Cybersecurity Enhancement Act made it out of committee and will now head to the Senate floor. The bipartisan legislation sponsored by Republican Sen. Josh Hawley and Democratic Sens. Josh Ossof and Gary Peters would require the Cybersecurity and Infrastructure Agency to develop workforce recruitment and cybersecurity training materials for rural hospitals….
SEC Delays Cybersecurity Rules
Micaela McMurrough, Ashden Fein, Caleb Skeath, and Shayan Karbassi of Covington & Burling write: Earlier this week, the Securities and Exchange Commission (“SEC”) published an update to its rulemaking agenda indicating that it does not plan to approve two proposed cyber rules until at least October 2023 (the agenda’s timeframe is an estimate). The proposed…