The Data Drop News for Friday, August 6, 2021
Identity thieves targeting Surfside condo collapse victims. Data breach costs hit record high of $4.24M. Amazon Gets Record $888 Million EU Fine Over Data Violations. CCPA enforcement update. Ohio privacy bill introduced. 97.7% of Twitter users don't use two-factor authentication. New York law fighting facial recognition and biometrics. Audacity fixes their privacy policy. Plus, this week's latest privacy-enhancing technology!
Pro tip: get The Data Drop on your phone by subscribing to our podcast.
Identity Thieves Targeting Surfside Condo Collapse Victims
We all know identity thieves are bad people, but it was still surprising to find out that they were stealing the identities of Surfside condo collapse victims within days of the tragedy.
Data breach costs hit record high of $4.24M
A new study by IBM and the Ponemon Institute places the cost of data breaches at a record high of $4.24 million per incident.
This is a 10% increase from last year and the largest single-year cost increase in the last seven years.
The rise is attributed to accelerated digital transformation and the shift to remote work during the global COVID-19 pandemic, among other factors.
Visit this link for more eye-raising stats from this study.
Amazon Gets Record $888 Million EU Fine Over Data Violations
Amazon faces the single largest GDPR fine to date.
The $888 million penalty comes for violating data protection rules, concluding a probe started by a 2018 complaint from a French privacy rights group.
GDPR watchdogs are allowed to levy fines of as much as 4% of a company’s annual global sales, meaning this massive fine is still a far cry from the maximum penalty.
CCPA enforcement update
California’s Consumer Privacy Act recently celebrated its first birthday, and it’s off to a good start! Here are the numbers:
75% of the companies flagged for CCPA violations responded by amending their practices within the 30-day grace period provided under the law. The remaining 25% of alleged violators were either in the midst of their 30-day cure period or under ongoing investigation.
Ohio privacy bill introduced
Ohio is the latest state to introduce a bill for protecting consumer data privacy.
The bill is presented as a “middle ground” amid the field of existing state privacy laws, balancing consumer protections with corporate interests.
97.7% of Twitter users don't use two-factor authentication
Only 2.3% of Twitter users have enabled two-factor authentication, according to the social media company’s own data.
We at the Data Collaboration Alliance STRONGLY recommend the remaining 97% of Twitter users follow suit, as two-factor authentication is one of the easiest and most secure ways to protect your personal data.
New York law fighting facial recognition and biometrics
New York City has instituted one of the nation’s first data privacy laws prioritizing biometric data.
The new law will protect New York City’s approximately 8 million residents and 65 million yearly visitors from the collection, storing, sharing, or use of biometric identifiers by commercial establishments without first notifying individuals.
The law also includes a private right of action, meaning individuals can bring actions against commercial establishments that violate the law.
Audacity fixes their privacy policy
Popular open-source audio editor Audacity recently made headlines for its new and potentially invasive privacy policy.
Now the company has issued an update that should alleviate user fears. The new policy clearly states that Audacity won’t collect user data, and what little personally identifiable information they get (namely, the client’s IP address) will not be stored.
Unknown number of British Columbians' personal information for sale online after health company hacked
The personal information of an unknown number of British Columbians has been leaked online after a data breach at mental health services provider Homewood Health.
Agencies whose information may be compromised include BC Housing, TransLink, and the Provincial Health Services Authority.
The data appeared for sale on self-proclaimed “leaked data marketplace” Marketo, not to be confused with the CRM software of the same name.
School posts on Facebook could threaten student privacy
Photos of schools and classrooms posted to Facebook - including images of teachers and students – can often be viewed by anyone. Even those not logged into Facebook accounts.
This ability to easily access pages and pictures means they can be systematically accessed using data mining methods, raising serious privacy concerns.
It gets worse. Since practically all U.S. schools report their websites to the National Center for Education Statistics, and many schools link to their Facebook pages from their websites, these posts could be accessed in a comprehensive manner, according to experts.
EU/US data privacy talks enter second year
Negotiations over the safe transfer of data between the United States and the European Union have entered their second year, with no timeline for an agreement.
The problems stem from the lack of a US equivalent to the GDPR, after the EU's top court said their citizens' personal information was not protected from U.S. surveillance.
The Biden administration is reportedly considering an executive action to address the issue and improve international trade relations.
PET News
The latest in privacy-enhancing technology
Only 4% of iOS users in U.S. let apps track them
Apple released iOS 14.5 at the end of April, introducing the concept of App Tracking Transparency and the ability to stop apps from tracking your activity for ad purposes.
New data shows just how popular the feature is, with only around 4% of users saying “yes” to tracking, according to Verizon Media-owned Flurry Analytics.
SoftBank backs facial-recognition startup
SoftBank has announced a $235 million investment in the Israeli firm AnyVision with the goal of expanding their facial recognition technology into the US.
We mentioned New York’s biometric data protections earlier. This is just one example of what they’re up against.
Bank of America taps Epsilon for ad targeting in post-cookie world
Bank of America has tapped software developer Epsilon to help develop their strategy for targeting advertisements in a post-cookie world.
The plan is to create targetable profiles locally within the bank's data center, thus avoiding restrictions on web tracking cookies.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships, the Information Ownership Network, or the Data Collaboration University, please visit datacollaboration.org.