News Alerts and Breach Report for Week of March 20, 2023

Iowa Legislature Passes Data Privacy Bill

Iowa is a signature away from passing a data privacy bill. Last week, the Iowa House passed Senate Bill 262, which had already been approved by the Iowa Senate on March 6, was passed by the Iowa House on March 15, and if signed into law by Governor Kim Reynolds, will take effect January 1, 2025. The bill closely mirrors state privacy laws in California, Virginia, Colorado, and generally, the six states that have already passed comprehensive consumer data protections. Key provisions would grant consumers the right to know when and how their data is being processed, the right to opt-out of having certain kinds of personal data processed and sold, and the right to receive a copy of their data from controllers. As with other laws, consumers must have clear insight into all uses of their data. When controllers use third-party processors, a contract must include a clause that holds all people involved in processing to a duty of confidentiality, and to obey data retention laws. ADCG will publish a full report on the bill law when it is signed into law. Notably absent from Senate Bill 262 is a private right of action, a point of contention that’s stopped similar state bills from passing. The bill would also not require businesses to recognize “do not track” requests or allow consumers to correct inaccuracies in their data.

Argentina Releases ISP Privacy Report

Internet Service Providers (ISPs) in Argentina have improved their data privacy practices, but haven’t quite figured out how to handle government requests for user data. That’s according to a new report by digital rights group ADC. The report checks, according to EFF, “whether ISPs commit to only collect data for specific, explicit, and lawful purposes and stick to those purposes when processing user data; ensure the data they process is true, adequate, relevant, and not excessive in regard to the purposes of collection; and adopt security measures to protect user data.”

French Data Protection Authority Releases 2023 Priorities

According to a recent post released by France’s data protection authority, CNIL, 2023 enforcement will focus on “the use of “smart” cameras by public entities, how banks use personal credit repayment incident history to judge creditworthiness, and how medical records are kept private. Other priorities include privacy in mobile apps, and one from the European Data Protection Board (EDPB): “a coordinated enforcement to assess whether the Data Protection Officers (DPO) have the position required by the GDPR in their organization.”

Breach Report

* * * * * * *

To read our latest article on the recent updates to Pennsylvania’s Data Privacy Law, click here.

Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!

Our most recently released episodes:

88 | TikTok: A Path for Election Interference and Open Source Intelligence? (with guests Berit Anderson, and Evan Anderson)

87 | Artificial Intelligence & Chatbots…Helpful or Harmful? (with guest Heather West)

86 | Using Tools to Help Manage Incident Response (with guest Lauren Wallace)

To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.

Previous
Previous

ADCG Explainer: Synthetic Data Privacy

Next
Next

Updates to the Pennsylvania Data Breach Notification Law