News and Alerts for April 19, 2022
Virginia Passes Amendments to VCDPA
Governor Glenn Young of Virginia last week approved three amendments to the Virginia Consumer Data Protection Act (VCDPA). The first amendment, H 381, creates an exemption to consumers’ right to delete, and will allow data controllers, in certain cases, to retain personal data belonging to a consumer when the controller has obtained that data from a source other than the consumer. Data controllers may be deemed in compliance under this exemption if they refrain from processing the data, or if they keep a record of the deletion request and retain the minimum data necessary to ensure the consumer’s personal data remains deleted. The other two amendments to VCDPA come from S 534. One eliminates the Consumer Privacy Fund established under VCDPA (penalties and fines will be paid to Virginia’s treasury), while the other redefines “nonprofit” organization to mean any that is exempt from taxation under section 501(c)(3) of the Internal Revenue Code.
Apple CEO Calls for Federal Privacy Law
Tim Cook, CEO of Apple Inc., spoke at the International Association of Privacy Professionals’ (IAPP) Global Privacy Summit in Washington, DC last week. In his address, he applauded the EU’s GDPR and called for a federal data privacy law in the U.S., arguing that safeguards are needed to keep the power of tech in place, especially when evaluating the impact of new technology. According to IAPP, he said, “Without data privacy, the world will find itself in a ‘data industrial complex’ where anyone’s data can be stolen with impunity in the name of providing a service.” Cook also took the opportunity to push back against the Open App Markets Act, a bill first introduced by Senators Amy Klobuchar (D-MN), Marsha Blackburn (R-TN) and Richard Blumenthal (D-CT) in August. The Open App Markets Act would prohibit Apple and Google from banning third-party apps on their app stores. Right now, Apple only allows vetted apps on the app store, and Cook argued that opening its walled garden would expose iPhone users to new risks, citing a spate of ransomware apps plaguing Android users who thought they were installing COVID-19-tracking apps.
DOJ Takes Down Major Hacker Forum
The U.S. Department of Justice announced on April 12 that it has seized the domains belonging to RaidForums, one of the largest hacker forums in the world. The domains, “Raidforums.com,” “Rf.ws,” and “Raid.lol,” facilitated the sale of stolen personal data belonging to millions of people, including credit card information, social security numbers, and login credentials. RaidForums’ chief administrator, Diogo Santos Coelho, was arrested in the UK in January, and remains there while the U.S. works to extradite him.
SC Media Publishes Tips for Enterprise Security
On April 18, SC Media columnist Rajesh Ganesan published a guide for empowering employees to take ownership of enterprise security. Those tips include embracing a zero-trust mindset across the organization, using real-world incidents in training quizzes, issuing team-based privacy scores, focusing on privacy principles rather than specific privacy laws, utilizing “contextual hooks” like chatbots to remind employees of security principles, avoiding third-party tools like social media share buttons and cookies, and framing security and privacy awareness as an ongoing conversation.
BREACH REPORT
* * * * * * *
To read our coverage on California Attorney General Rob Bonta’s recent “investigative sweep” of businesses that offer loyalty programs to their consumers and what your organization needs to do to comply with this required notice under the CCPA, click here.
To read our coverage on the Federal Trade Commission’s Chair Lina Khan’s discussion on the Commission’s current and planned approach to mitigating and limiting the impacts of “how Americans’ data is tracked, gathered, and used,” click here.