Showing 5 posts in Privacy.
2021 may be the year that privacy legislation explodes across the US. Already, several states including New York, Virginia, and Washington have introduced some form of privacy legislation (many are re-introducing bills that did not pass in 2020).
Many businesses devoted substantial resources to privacy compliance in 2020, thanks to the California Consumer Privacy Act (CCPA). They will be rewarded for that effort: during the fall election, Californians approved a ballot initiative that will strengthen the CCPA, dedicate billions of state dollars to privacy enforcement, and create a new enforcement agency for personal privacy rights.
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have published a warning regarding attacks to certain VPN products by a known threat actor based in Iran. The CISA warning is here for reference. Once it has attacked the specified vulnerabilities, the threat actor is able “to gain initial access to targeted networks and then maintained access within the successfully exploited networks for several months using multiple means of persistence,” according to CISA.
California’s new privacy rules, the California Consumer Privacy Act (CCPA), took effect early this year. The CCPA is the state’s effort to protect the privacy of California residents by setting ground rules for collection and use of their “personal information.” These rules have caused quite a lot of confusion, however. High on the “confusing” list: information covered by other privacy-related laws such as HIPAA and Gramm-Leach-Bliley Act (GLBA).
With the EU’s new privacy rules (GDPR) that took effect earlier this year, the California Consumer Privacy Act that takes effect January 1st, 2020, and the clamor for a federal data privacy law in the United States, it is increasingly clear that privacy will not, in the future, be an optional part of business operations.