When you work in privacy, it seems like you’re seeing privacy incidents and data breaches everywhere. Turning to the headlines of today’s popular media outlets, you then realize it’s not just your imagination. Organizations are reporting major data breaches regularly, regulators are issuing newsworthy and costly fines, and as a result privacy concerns are very much in the public eye.
This is a moment when you can spot the privacy professional veterans. They’re the people who “keep calm and carry on,” who aren’t breathing heavily into a paper bag every time a new report indicates the rising tide of risk to our organizations. Because, while privacy is enjoying more of the limelight these days, the central concern to privacy professionals has not changed: privacy professionals protect data and ensure that organizations are good stewards of the information entrusted to them.
In that spirit, here are some of the attention-grabbing news items concerning privacy in the last week or so. Read on, and don’t forget to keep calm and carry on:
- A new headline for Facebook: the Privacy Commissioner of Canada and the Information and Privacy Commissioner for British Columbia have reported their findings of their joint investigation of the company, including that the company failed to obtain consent, and had inadequate safeguards. Facebook also announced shares are up 26 percent in the first quarter, and that they have set aside $3B related to the inquiry by the FTC.
- In discussions with privacy executives, Gartner reveals that just four in 10 privacy executives are confident in keeping up with complexity and cost of meeting regulatory requirements under regulations such as the GDPR and California Consumer Privacy Act (CCPA), citing the lack of an information governance framework that can adapt to new regulations.
- Speaking of the CCPA, a new California Assembly bill (AB 1760) has been introduced that would substantially rewrite the CCPA. Here’s a link to read that proposal in full.
- California isn’t the only state making moves to amend their data breach regulations. Pennsylvania has a proposed senate bill that adds some unusual elements to their definition of personal information, including information regarding food purchases. And Mississippi has just passed its Insurance Data Security Law, effective July 01, 2019. This cybersecurity insurance law borrows heavily from the NAIC model law, indicating a trend as South Carolina, Ohio, and Michigan have each enacted a similar law for insurers in the last year.
If you’d like to share what privacy and data breach news is currently on your radar, we would love to hear from you at [email protected].