News Alerts and Breach Report for Week of December 5, 2022
New Privacy Laws Taking Effect Next Year
Five new privacy laws will come into effect in 2023. State laws from California and Virginia will take effect January 1, 2023, while laws from Colorado, and Connecticut laws will take effect in July 2023, and Utah’s will be enforceable starting in December 2023. What does this mean for businesses and consumers? SD Times asked Himanshu Shukla, co-founder and CEO at privacy automation company LightBeam, to weigh in on the commonalities in the law, and he suggests data controllers ask themselves the following questions to begin assessing compliance: “Are you providing notice to the user? Do you have consent on how to use the data? Are you providing access to the end user? How are you securing the data? Do you have the necessary workflows in place to implement the first four tenets?” For ADCG’s explainers on each of the state privacy laws, click on the state names above.
TikTok Takes Steps to Keep Data Private
As a Beijing-based entity, TikTok’s parent company, ByteDance, has faced scrutiny from U.S. lawmakers over how it protects user data, and whether it shares the data of U.S. users with the Chinese government. Last week at the New York Times’s Dealbook Summit in New York, TikTok Chief Executive Shou Chew said his company is taking steps to make sure data from its U.S. users can only be accessed by U.S. residents. “In the future, we’re going to organize by moving the data to the Oracle data cloud infrastructure and only U.S. residents can access it,” he said, further adding that TikTok selected Oracle as a cloud provider because of its strong security protocols, and that all TikTok’s data is stored in Singapore and Virginia, presumably out of reach of the Chinese government, which the Biden administration considers to be an adversary. The Wall Street Journal notes that, “earlier at the Times event, Treasury Secretary Janet Yellen said ‘there are legitimate national security concerns’ about TikTok, without citing specifics.”
Australia Signs Privacy Bill into Law
Last week, The Parliament of Australia approved the Privacy Legislation Amendment Bill 2022. The bill amends the Privacy Act of 1988 with dramatically higher fines for violations and brings Australian privacy law in closer alignment with the European Union’s GDPR. Read ADCG’s explainer here.
Federated Learning Study Released
Intel Labs and the Perelman School of Medicine at the University of Pennsylvania (Penn Medicine) announced the largest study using federated learning that’s been conducted to date. Federated learning is a technique that builds anonymized data models and machine learning to glean insight from sensitive data sets. In this case, researchers were able to glean insights about brain tumor patients and avoid violating HIPPA standards by keeping sensitive personal data separate from analytical processes. This, according to Yahoo, “addresses numerous data privacy concerns by keeping raw data inside the data holders’ compute infrastructure and only allowing model updates computed from that data to be sent to a central server or aggregator, not the data itself.”
Breach Report:
* * * * * * *
To read ADCG’s Explainer on an organization’s used of data clean rooms and if they can truly keep data private, click here.
To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.
Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!
New release tomorrow: Episode 83 will feature Matthew Esworthy, partner at Bowie-Jensen LLP, discussing geofence warrants and their use by law enforcement in investigating the January 6 insurrection.
New podcast episode release tomorrow: Episode 83 will feature Matthew Esworthy, partner at Bowie-Jensen LLP, discussing geofence warrants and their use by law enforcement in investigating the January 6 insurrection.
Our most recently released episodes: