Cybersecurity

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Data Protection Impact Assessments: Are You Ready? | Privacy World

Introducing Our AI Webinar Series | Privacy World

Scott Warren

On May 8, 2023, the Online Criminal Harms Bill[1] (Bill) was introduced for its first reading in Singapore’s Parliament.

The Bill empowers a competent public authority[2] to issue any of five distinct types of directions:

  1. A Stop Communication Direction, which requires a person or entity to remove, stop posting or transmitting, and/or disable access to online criminal content so it is not accessible by any persons in Singapore.
  2. A Disabling Direction, which requires an online service provider (such as a social media platform or instant messaging provider) to disable access to specified content, such as material that had been posted or transmitted on or through an online service. This extends to disabling access to any identical copies of the relevant material, as well as to any location on the online service from where the content could be retrieved.
  3. An Access Blocking Direction, which requires an internet service provider to block access by persons in Singapore to any material or location such as a website.
  4. An Account Restriction Direction, which requires an online service provider to stop or restrict interaction between an account on its online service from communicating and interacting with any persons in Singapore.
  5. An App Removal Direction, which requires an app store to stop distributing an app to, and to stop enabling the download of this app by, any persons in Singapore.


Continue Reading Singapore Introduces New Law to Order Removal, Blocking of Harmful Online Content

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

NIST Not Voluntary in the Volunteer State: Tennessee Privacy Law Requires Comprehensive Written Privacy Program that Conforms to a Voluntary

2023 has swiftly become the year of the U.S. National Cybersecurity Strategy.  On March 2, 2023, the Biden Administration issued its National Cybersecurity Strategy brief, outlining its vision to: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. In furtherance of the goal to defend critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” (the “Report”), on April 13.

Calling the current state of technology “vulnerable by design,” the Report aims to encourage technology manufacturers to integrate security into their products from the ground up, factoring security into product development beginning at the design phase.  In addition to the CISA, several American security agencies (the National Security Agency and Federal Bureau of Investigation) and international cybersecurity agencies (from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand) collaborated to provide a unified recommended approach to the development of both software and hardware.  Below, we break down what the Report means for the tech sector.

Continue Reading New CISA Guidelines Lay Out Unified International Principles on Security-by-Design and Security-by-Default

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Law360 Publishes “CFPB’s Hazy ‘Abuse’ Definition Creates Compliance Questions” Article by Keith Bradley and David Coats | Privacy World

Governor

This week a federal court in the Southern District of New York dismissed a privacy litigation brought against a website operator for claims under the federal Video Privacy Protection Act (“VPPA”), holding the allegation that plaintiffs had electronically subscribed to defendant’s newsletter was not sufficient for them to qualify as “subscribers” under the VPPA.  Carter v. Scripps Network LLC, Case No. 1:22-cv-02031 (S.D.N.Y.)

As Privacy World has previously covered, dozens of website operators have been named as defendants recently in putative class actions, with claims also being filed in arbitration, for alleged violation of the VPPA.  In many circumstances, plaintiff in such cases allege that the defendant improperly disclosed their video viewing history to social media companies for advertising purposes.  Because this ruling limits the scope of claims that can be brought under the VPPA and is persuasive authority in other pending cases, it will likely be relied upon by defendants going forward.

Continue Reading Federal Court Dismisses Privacy Claims Brought Against Website Operator, Finding Online Subscriptions for Electronic Newsletter Insufficient To Impose Liability Under Federal Video Privacy Protection Act

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

New York Releases Data Security Guide to Help Businesses Protect Personal Information | Privacy World

Selfie ID Biometric Verification Vendor’s

One of the most notable trends in Illinois Biometric Information Privacy Act (“BIPA”) class action litigation is the marked increase in the number of class actions targeting third-party biometric technology vendors, such as identity authentication systems and employee timekeeping devices. Importantly, because these vendors do not maintain any direct relationship with the end users of

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Divided SEC Proposes Slew of Cybersecurity Regulations for Securities Market Entities | Privacy World

Utah’s Social Media Regulation Act Signed

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 State Privacy Laws and Regulations Bring Extensive Data Protection Assessment Requirements | Privacy World

Priority Topics for French CNIL