News Alerts and Breach Report for Week of August 1, 2022

Ireland Appoints New Privacy Commissioners

Last week the Irish government announced the appointment of two new data privacy commissioners to its Data Protection Commission (DPC). According to Reuters, “Minister for Justice Helen McEntee said the appointments will support existing commissioner Helen Dixon and improve the commission’s ability to handle an increased workload and increasingly complex investigative requirements.” Ireland is the European home of tech giants like Google and Facebook, and thus is responsible for regulating them. Ireland’s DPC has increased its workforce from 27 in 2014 to 195 today.

Facebook Hit With Health Privacy Lawsuit

An unnamed patient at UCSF Medical Center and Dignity Health Medical Foundation has alleged that Meta, parent company of Facebook, collected her medical data without her consent. The lawsuit claims that the patient entered her data into the medical center’s online patient portal, which contained a snippet of JavaScript code called Meta Pixel. Meta Pixel, created by Meta, tracks web users as they move from site to site, logging activity, buttons clicked, and even data entered into forms. A similar lawsuit was filed against Meta last year by a patient of MedStar Health in Maryland.

Amazon Web Services Enhances Training Program

AWS has launched a redesigned security competency program for its users. According to SDXCentral, the program now includes a new competency, the AWS Level 1 Managed Security Service Provider (MSSP) Competency, “which includes six new specialization categories to help customers discover partner solutions that have been validated for 24/7 monitoring and response services.” The program encompasses eight categories that address over 40 customer use cases, “including identity and access management, threat detection and response, infrastructure security, data protection, compliance and privacy, application security, perimeter protection, and core security.”

TSA Issues Revised Pipeline Security Directives

The Transportation Security Administration—which oversees cybersecurity standards for critical pipelines that carry natural gas or hazardous liquid—has issued revised security directives for such pipelines. The directives build on those issued in July 2021, and according to TSA’s release, pipeline owners and operators must “establish and execute a TSA-approved Cybersecurity Implementation Plan that describes the specific cybersecurity measures the pipeline owners and operators are utilizing to achieve the security outcomes set forth in the security directive; develop and maintain a Cybersecurity Incident Response Plan that includes measures the pipeline owners and operators will take in the event of operational disruption or significant business degradation caused by a cybersecurity incident; and, establish a Cybersecurity Assessment Program to proactively test and regularly audit the effectiveness of cybersecurity measures and identify and resolve vulnerabilities within devices, networks, and systems.”

BREACH REPORT

* * * * * * *

To read our coverage on the National Institute of Standards and Technology (NIST) updates to its cybersecurity guidance for the healthcare industry, which “helps health care organizations protect patients’ personal health information,” click here.

To read our coverage on the California Privacy Rights Act of 2020 (CPRA), and its several amendments to the California Consumer Privacy Act of 2018 (CCPA) which require organizations to train employees on security and data privacy, click here.


Patrick J. Kennedy, Jr. and Dub Sutherland of Kennedy Sutherland LLP join Jody Westby on our Privacy and Cybersecurity podcast this week to provide a macro level view of the business challenges associated with current privacy laws, a looming cyber threat environment, and a lack of cyber governance by many boards and C-suites. New episodes of the ADCG Podcast are released Thursdays and can be found here. They can also be enjoyed on Spotify and Apple Podcasts. Don’t forget to subscribe!
