By: Jessica Cooper
May 17, 2019

Weekly Top 5: Here Come More Privacy Laws

The month of May brings us the anniversary of GDPR and there is no shortage of more privacy laws that are in the works. The California Consumer Privacy Act takes effect on January 1, 2020, and has the potential to make big changes to internet privacy and how data is used. Among the law’s provisions is one that requires companies to stop selling people’s data upon request at any time. This is timely as more research reports and data, one from IDology, for example, shows that more than three-quarters of US consumers strongly agree that companies need to protect their information.

Here is the latest rundown on privacy and security this week:

Global Privacy Push Drives Need for Security, Privacy Alignment

For several years, the healthcare sector has been the largest target for hackers given its trove of personal information and the need for providers to have access to that data at any given time. But in recent months, the conversation around security has shifted into a privacy focus.

Earlier this year, several Congressional members began weighing a national data privacy law that would replace the patchwork of state laws. Much of the conversation has focused around consent and transparency, given the scandals around Facebook.

Many are looking to the EU’s General Data Protection Regulation, which is more stringent than HIPAA and empowers consumers to have more control over their data. While a finalized rule around federal privacy and security legislation is a long way off in the US, the discussion has reignited conversations around just how to align privacy practices with cybersecurity regulations.

California’s New Data Privacy Law Could Change the Internet in the US

California is embarking on a new era of privacy on the internet, and Xavier Becerra can’t stop thinking about the failed debut of Obamacare. Back in 2013, Becerra, then a Democratic congressman from Los Angeles watched as technical problems with the website marred the rollout of President Barack Obama’s signature law, delaying sign-ups for health insurance and denting the public’s faith in the new offering. Now, as California’s attorney general, Becerra is worried that a similarly halting start awaits the California Consumer Privacy Act, a far-reaching law that would put some of the world’s strictest rules on how tech companies — many of which call the state home — handle and collect user data.

By Cyrus Farivar and David Ingram, Published on CNBC

78% of Consumers Say Online Companies Must Protect Their Info

More than three-quarters of US consumers strongly agree that companies need to protect their information, a 16% increase over last year, according to a comprehensive study of online consumer behavior. The research, conducted by IDology, also shows 71% of Americans say their decision to choose a financial institution would be positively affected if it uses better, more advanced identity verification methods. That’s a dramatic 27% increase over last year when only 56% of Americans reported the same.

By Steve Zurier, Published on Dark Reading

Equifax’s Data Breach Costs Hit $1.4 Billion

Credit reporting giant Equifax has spent nearly $1.4 billion on cleanup costs as well as overhauling its information security program following its massive 2017 data breach.

Two years after the data breach, which began on May 13, 2017, and the company discovered and began remediating on July 29, 2017, resulting in legal costs and investigations haven’t stopped taking a big bite out of the company’s bottom line.

On Friday, Atlanta-based Equifax announced its financial results for the first quarter of 2019, ending March 31, reporting a loss of $555.9 million, compared to net income of $90.9 million in the first quarter of 2018. Equifax’s quarterly revenue was $846.1 million, down 2 percent compared to the first quarter of 2018 although up 1 percent on a local currency basis.

Panama Citizens Massive Data Breach

On May 10th, Bob Diachenko, a researcher with Security Discovery, identified a massive bulk of data sitting in an unprotected and publicly available Elasticsearch cluster (hence visible in any browser). This database contained 3,427,396 records with detailed information on Panamanian citizens (labeled as “patients”), plus 468,086 records with records labeled as “test-patient” (although, this data also appeared to be valid and not purely test data). Each record contained the following info: full name, DOB, national ID number, medical insurance numbers, phone, email, address.

By Bob Diachenko, Published on Security Discovery

By, Jessica Cooper