The UK Information Commissioner’s Office (ICO) recently finalized its Age-appropriate design: a code of practice for online services (the code). The code applies to any “relevant information society services which are likely to be accessed by children” (by which the ICO means minors under age 18), whether designed for kids or general audiences. The new
On January 7, 2020, the National Institute of Standards and Technology (NIST) released a draft of revised cybersecurity recommendations for IoT devices at both the pre-market and post-market stages. NISTIR 8259, Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline, identifies six voluntary steps manufacturers should take to account
Businesses that rely on standard contractual clauses (SSCs) to transfer personal data outside the European Economic Area (EEA) just got good news. The long-awaited decision from the EU Advocate General (AG) is here: SCCs are valid. The AG’s opinion, although non-binding, is significant for the case brought by Austrian privacy activist Max Schrems against Facebook,
You know that movie where a person thinks they’ve barricaded themselves in their house against a stalker, only to grasp the awful realization that the threat is “coming from inside the house”? Unbeknownst to you, that threat may, in fact, be coming from your smartphone, according to a complaint by the Federal Trade Commission (FTC).
In the two decades following the enactment of the Children’s Online Privacy Protection (COPPA) Rule, technological developments have changed the online landscape considerably. Recognizing this, the Federal Trade Commission (FTC) held a public workshop on October 7, 2019, to discuss whether, given the proliferation of smart devices, video games, online channels, and EdTech, the Rule,
After protracted litigation, the Federal Trade Commission (FTC) entered into a proposed settlement with computer software manufacturer D-Link over charges that the company misrepresented the security of its wireless routers and Internet-connected cameras and failed to take reasonable software testing and remediation measures to protect the devices.
As we previously reported, part of the
Earlier this week, the UK Information Commissioner’s Office (ICO) announced its intent to fine British Airways £183,390 million ($230 million) and its intent to fine Marriott International more than £99 million ($123 million) for violations of the General Data Protection Regulation (GDPR) arising out of data breaches. The ICO investigated the breaches as the lead
The Federal Trade Commission (FTC) entered into a proposed settlement with LightYear Dealer Technologies, LLC (aka DealerBuilt) on June 12, 2019, over allegations of lax consumer privacy protections. While no fines were levied, the order is remarkable for its detailed and extensive requirements governing the company’s future data privacy practices and the FTC’s role in
After hacks of two websites, i-Dressup.com and ClixSense.com, resulted in the compromise of personal information for millions of users – including, in the case of i-Dressup, hundreds of thousands of children under 13 – the Federal Trade Commission (FTC) issued complaints against the websites and their operators for lax security and other privacy violations. Notably,
New research from security company Kaspersky Labs suggests that the use of ransomware is now so widespread that nearly every moment, a ransomware attack is being launched somewhere in the world on businesses and consumers.
Ransomware, or malicious software that infiltrates computer systems and uses tools like encryption to deny access or hold data “hostage”