On January 22, 2021, Bleeping Computer reported about yet another data dump by the hacker group Shiny Hunters, this time for a clothing retailer. Shiny Hunters is known for exfiltrating large databases of customer information, often through misconfigured or otherwise compromised database. These databases typically contain credential information for customers, as was the case
A Year Later: CCPA Compliance Reminder to Review Your Privacy Policy
Has it been a year already? Many businesses diligently made sure they did their best to hit the moving CCPA target as they welcomed 2020 and the effective date of the statute last year. A year ago, all we had were draft regulations and a statute, and businesses had to do their best to comply.
FTC Eyes Vendor Oversight in Safeguards Rule Settlement
On December 15, 2020, the FTC announced a proposed settlement with Ascension Data & Analytics, LLC, a mortgage industry analytics company, related to alleged violations of the Gramm-Leach-Bliley Act’s (GLBA) Safeguards Rule. In particular, the FTC claimed that Ascension Data & Analytics’ vendor, OpticsML, left “tens of thousands of consumers[’]” sensitive personal information exposed “to
Introducing… the Global Privacy Control
One of the most reoccurring questions we’ve gotten from companies subject to CCPA that have a “Do Not Sell” link has been “What the heck do we do about this global privacy control?” Up until now, there wasn’t a clear, or even semi-helpful, answer to that question that didn’t involve a fair amount of guesswork.
A New Privacy Headache: Virginia’s COVID-19 Workplace Safety Rule is Poised to Impact Privacy
On July 15, 2020, the state of Virginia adopted the first of its kind COVID-19 workplace safety mandate. Propelled by months of inaction from a federal agency tasked with nationwide enforcement of workplace safety relating to COVID-19, Virginia’s Safety and Health Codes Board adopted an emergency regulation designed to establish requirements for employers to control,