IT Security & Privacy

FTC Releases 2023 Privacy & Data Security Update: A Comprehensive Overview

The Federal Trade Commission (FTC) has unveiled its Privacy and Data Security Update for 2023, showcasing the agency's relentless efforts in safeguarding consumer privacy amidst evolving data usage by companies. Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, emphasized the FTC's proactive stance against indiscriminate data collection and exploitation, underscoring the agency's commitment to securing meaningful remedies to protect consumer information.

CNIL Releases Updated Practice Guide for Personal Data Security

In a bid to reinforce the security measures surrounding personal data processing, the French data protection authority, CNIL, has unveiled the latest edition of its Practice Guide for the Security of Personal Data. This 2024 edition represents a comprehensive overhaul of its predecessor, incorporating vital updates and introducing new insights into emerging technologies.

European Data Protection Board Launches Coordinated Enforcement Action on Right of Access

The European Data Protection Board (EDPB) has initiated its Coordinated Enforcement Framework (CEF) action for the year 2024, focusing on the implementation of the right of access across the European Economic Area (EEA). This concerted effort involves 31 Data Protection Authorities (DPAs), including 7 German State-level DPAs, and aims to ensure compliance with Article 15 of the General Data Protection Regulation (GDPR).

FBI's 2023 Cybercrime Report Reveals Alarming Trends in Cyber Threat Landscape

The Federal Bureau of Investigation (FBI) has unveiled its annual summary of cybercrime activity for the year 2023, painting a stark picture of escalating threats and substantial financial losses. The report, released recently, sheds light on a surge in cyber incidents across various categories, with ransomware attacks making a notable resurgence and cryptocurrency fraud emerging as a significant concern.

ICO Publishes New Fining Guidance

The Information Commissioner's Office (ICO), the UK's independent regulator for data protection and privacy matters, has unveiled updated guidance concerning the issuance of penalty notices for infringements of data protection laws. This announcement comes as part of the ICO's ongoing efforts to enforce the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

HHS Office for Civil Rights Issues Letter, Initiates Investigation of Change Healthcare Cyberattack

In response to the recent cyberattack affecting Change Healthcare, a unit of UnitedHealth Group (UHG), the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) has taken decisive action to address the significant disruption caused to the nation's healthcare and billing systems. The cyberattack, which occurred in late February, has raised concerns regarding patient care and the integrity of essential healthcare operations nationwide.

FORIOU Faces Fine from CNIL for Unlawful Use of Data

FORIOU, a company specializing in marketing loyalty programs and cards, has been slapped with a substantial fine of €310,000 by the French data protection authority, CNIL (Commission Nationale de l'Informatique et des Libertés). The penalty comes as a result of FORIOU's use of prospect data obtained from data brokers for commercial prospecting purposes without ensuring valid consent from the individuals involved.