Nicole Lindsey

Technological advances in healthcare and medicine combined with AI is to create a brave new world that some have called the “Internet of Bodies.” What are the legal, privacy, security and ethical issues?

Consumer groups in 7 countries are asking European privacy regulators to take action against Google for GDPR violations, specifically, its “deceptive practices” related to location tracking.

Some ad tech vendors appear to be engaging in a form GDPR consent string fraud by knowingly tampering with the consent information found in a publisher’s consent string, in order to give them the ability to deliver personalized ads.

According to Giovanni Buttarelli, the Privacy Paradox has already shaped the way we think about privacy in the digital age and could help to determine the next evolution of privacy regulation.

New report from Datto shows that ransomware attacks continue to be the leading form of cyber attack experienced by small- and medium-sized businesses, with 4 of 5 MSPs having clients hit over the last 2 years.

The pace of cross-industry fraud is accelerating and becoming more costly and this is exacerbating the identity theft problem. New fraud study from LexisNexis reports that 84% of organizations had been the victim of cross-industry fraud.

The prospects for a federal privacy bill actually being signed into law in the United States in 2019 just took another big step forward with a proposal from Intel.

A new report offers a never-before-seen look at Google data collection practices, raising new questions about the extent to which the top tech companies in the world collect and collate user data without their permission or knowledge.

Since June 1, eight U.S. states have either amended or enacted tougher new data breach notification laws requiring notification anywhere between 30 to 60 days. While still a far cry from the 72 hours required under the European GDPR, tougher notification laws will no doubt be adopted around the world.

The days of federal privacy laws coming to Silicon Valley may happen sooner than you think. In a much-publicized keynote speech given at the 40th ICDPPC in Brussels, Apple CEO Tim Cook gave his full-throated support for laws that would be at least as stringent as the EU GDPR.

GAO audits carried out between fiscal years 2012-2017 have discovered significant cyber vulnerabilities in the U.S. Department of Defense’s top weapons systems, reflecting a misguided approach that does not take into consideration basic cyber security.

Apparent trend toward heavy government regulation of personal data collection has tech industry titans discussing support for a federal privacy law so that the industry-supported legislation contains terms that are as friendly to them as possible.

California is now leading the charge to beef up the cyber security features of connected devices by banning weak passwords, forcing device manufacturers to supply a unique password or force a password change on startup.

Google admitted that back in March 2018, it became aware of a data breach that may have impacted up to 500,000 users, but failed to disclose it to users or regulators. Are big Silicon Valley tech giants are “too big to trust”?

The Uber breach settlement of $148 million, which involves the governments of all 50 states, is one of the largest in history for a data privacy case. What are the lessons for other tech companies?

Bloomberg reported that Chinese spies planted a grain-sized microchip in motherboards supplied to server manufacturers in an alleged supply chain attack. What are the lessons for enterprises?

The Five Eyes has put the tech industry on notice. They want access to data from tech companies and while there is no formal demand for encryption backdoors, the Five Eyes believe government agencies should have access to encrypted information.

Recent Imperva survey found that nearly half of security professionals said they could implement an insider attack if they wished to. Insider threats remains one of the top cybersecurity threats to businesses.

Financial market regulators from outside the EU are now seeking GDPR exemptions for the purpose of "public interest", for example cracking down on securities fraud, including the SEC in the U.S. as well as regulators in Japan and Hong Kong.

According to U.S. Director of National Intelligence Dan Coats, the U.S. is at “a critical point.” With Russian hackers breaking into the U.S. power grid and gaining access to utility control rooms, they have the opportunity to “throw the switch”, plunging the nation into darkness and chaos.

Facebook responds to 1,200 questions posed by U.S. lawmakers on its data privacy practices. It seems that as long as the questions keep coming, Facebook can safely delay and mitigate the risk of regulatory or legal action.

Growing number of Americans now feel that state and local governments should increase their cybersecurity spending and do more to protect data from cyberattacks, similar to that which crippled the city of Atlanta in March 2018.

Given the dearth of cybersecurity pros in the marketplace today, a new Juniper Networks report suggests that security automation is potentially the solution.

As might be expected, the scale and scope of the latest Coinrail cyber heist has increased the call for new cryptocurrency regulations for both exchanges and trading, and could go a long way in maintaining investor faith in the modern financial system.

In a 229-page document, Facebook attempted to provide some clarity for questions from the congressional testimony to the U.S. House and Senate in April. Here are 10 things you might have missed.

Platforms are increasingly being held responsible by regulators for content governance of user-generated content, raising concerns for Facebook investors.

New report shows nearly 75 percent of U.S. federal agencies are still woefully unprepared and deemed to be “at risk” or “at high risk” of a cyber attack.

Despite Facebook pledging that it has figured out its problems, new revelations of data sharing with 60 different device makers has now come to light.

While the Facebook Cambridge Analytica scandal has created its share of problems for Facebook, it’s clear that the scale and scope of the scandal extends to every corner of Silicon Valley. After all, most tech giants are collecting staggering amounts of user data and comprehensive new privacy regulations seem imminent.

In the aftermath of the Cambridge Analytica scandal, many have suggested that Facebook be regulated, fined and perhaps even broken up. After all, if the FTC were to invoke its full power, it could theoretically levy hundreds of millions of dollars of fines, crippling Facebook. But is a big tech company too big to fail?

The congressional testimony was supposed to establish a national debate about data privacy and the right of users to protect their data from being sold, used, or analyzed in ways that were never intended. Instead, it has become very clear that regulating privacy is harder than anyone originally expected.

In an effort to get out in front of the data privacy scandal threatening to engulf the company, Facebook recently announced a new data abuse bounty program, which promises to pay people who report data abuses. But is this new data abuse bounty program going to result in any real changes to data privacy on Facebook?

After nearly two months of non-stop controversy and scandal over its improper use of Facebook data, Cambridge Analytica finally announced that it was ceasing operations, effective immediately. In doing so, Cambridge Analytica has become the new poster child to highlight the perils of data security breaches.

Companies, and even entire industries, are more afraid of Wall Street than they are of Washington. Instead of Facebook’s stock falling on privacy concerns, it is actually rising. Facebook has sensed that Wall Street doesn’t really care about privacy, and as long as Wall Street doesn’t care about privacy, why should it?

As much as Facebook would like to sweep the Cambridge Analytica data scandal under the rug, signs continue to mount that the company is still playing fast and loose with user data. All this raises the question of whether the 2011 FTC settlement that resulted in an 8-count consent decree actually went far enough.

Of all the legislation currently on the horizon, the Honest Ads Act seems to have the best chance of passage. The legislation is easy to understand and has bilateral support as well as the tacit support of Facebook, which is under pressure to show that it is changing and has the best interests of users at heart.

Mozilla's first-ever Internet Health Report highlights the key challenges affecting the creation of an open, safe and accessible Internet – Big Tech’s growing power, the collapse of privacy especially with IoT security, and the spread of fake news. All of these challenges point to deeper problems with the Internet.

Predictive policing models have shown remarkable ability to help clamp down on illegal activity and reduce crime. But do these methods lead to systematic bias against certain minority communities or ethnic groups? IUPUI study based on real-world data shows there is no statistically significant evidence of racial bias.

Given a shortage of skilled cyber security manpower, one of the most attractive alternatives may be cyber security automation. In a new report from McAfee, 81% of those surveyed said they would be more successful in their jobs and have more time to focus on higher value-added tasks if they had greater automation.

As prices of cryptocurrencies continue to skyrocket, fraudulent cryptocurrency scams are on the rise. Twitter cryptocurrency scams impersonating celebrities or influencers are so popular with cryptocurrency thieves and hackers simply because they are so easy to pull off on a daily basis.

Google has tried to clean up its Gmail privacy practices, saying that it will no longer use or scan Gmail content for any advertising purposes. Now, Gallo is representing consumers who never signed up for a Google account or Gmail account, but who still had their email messages read. This could be a real game-changer.

Law enforcement agencies around the world are embracing new predictive policing technology that will help them spot criminals before a crime ever takes place. However, communities often have little or no idea of why or how this technology is being used, and that raises some important privacy and human rights concerns.

The bubble in cyber security jobs is encouraging people to look for better opportunities at exactly the wrong time, and that may lead to the detriment of the fight against cyber crime. A new report by (ISC)2 found that a staggering 84% of cyber workers are open to new opportunities or plan to change employers in 2018.

Crypto mining malware is now the weapon of choice for hackers worldwide. The skyrocketing prices of cryptocurrencies is driving the scale of cryptojacking attacks, and can mean very lucrative profits ranging from hundreds of dollars to twenty thousand dollars per month. Victims now include Tesla and the UK government.

While we often think about malicious users when we speak of insider threats, the "real" problem lies with users that may unintentionally be putting their organizations at risk. This includes users that get phished, bypass controls for convenience or efficiency, and connect their own devices to the corporate networks.

For years, IoT developers have focused too much on availability, and not enough on privacy and confidentiality. This mindset appears to be shifting and the NIST report is proof of a growing recognition that there needs to be universal standards in place to improve the privacy and security of any IoT system.

Just as big data made every single company a data company, the new era of AI to make sense of this data might transform every company into an AI company. But the legal and privacy implications are far wider, potentially impacting every single industry, from consumer goods to healthcare to financial services.

There is reason to be optimistic about the future of cyber security. In today’s world, there is always a “weak link” in the chain that hackers can exploit. In a blockchain world, there are no longer any weak links and every action taken on the blockchain is part of a completely verifiable and trackable digital ledger.

Social fitness apps such as Strava need to be doing more to enhance user privacy and safety. The recent snafu involving the disclosure of U.S. military personnel location data has increased awareness of the perils created by tracking apps. Learn more about how these apps are collecting data, and how they are using it.

ATM machines have always represented a “soft target” in the minds of criminals. What’s now clear is that the ATM card skimmer scams of years past pale in comparison with what’s possible now with jackpotting scams with cyber criminals turning every ATM they visit into casino slot machines with huge jackpots.

The 10th anniversary of national Data Privacy Day celebrated on January 28 couldn't have come at a better time for Internet users with the past 12 months filled with stories about cyber security attacks, election meddling, state surveillance, and massive corporate data breaches.

There is a tremendous amount of potential for machine learning and cyber security within the enterprise. In order for machine learning to live up to the hype, it will need to offer a fully robust security solution and plenty of organizations are now betting that machines will be up to the task.

Chinese Internet users have become much more vocal about what they perceive to be potential breach of privacy by China Internet Giants - Alibaba, Baidu and Tencent.

Are you a victim of cryptojacking? Both individuals and organizations are now at risk of this new hacking approach to tap into your computer’s processing power. Most famously, Coinhive has been promoting this controversial new practice to tap for mining the cryptocurrency Monero.

For years, China has used the World Internet Conference to advance its vision for cyber sovereignty. Now it looks like the various ideas and concepts, including the new Cybersecurity Law, undergirding this vision are starting to be put into effect for China’s Internet, with unknown implications.

The FCC’s historic overturning of the Obama-era Net Neutrality rules could have profound implications for the Open Internet. While there are potential censorship and service pricing implications of this move, what are the long-term impact on data privacy and cyber security?

Companies must show that they are constantly innovating but they must also show that they are taking into account customer privacy and security to protect personal information. Those that can manage this delicate balancing act between customer privacy and digital trust will be the winners in the modern digital economy.

The new “Tracking the Trackers” report showed that 79% of all websites globally are secretly tracking your online behavior. Moreover, many are, in turn, forwarding your personal information to other companies. For many, the message is clear: it’s time to take back the web and end this widespread invasion of privacy.

According to a new survey conducted by the IAPP and EY, Global 500 companies will spend a combined $7.8 billion over the next year on GDPR compliance. Those escalating compliance costs will mostly result from new hiring, as corporations race to catch up with changes to privacy laws.

The Uber breach that affected 57 million people shows the near complete lack of care at the company with regard to customer data – as well as the company’s inability to learn from previous security mishaps. Are customers already desensitized after hearing data breach after data breach or will this be a wake-up call?

If a massive data breach has been in the news recently – such as the Equifax data breach that impacted more than 143 million Americans – there’s a good chance that other hackers will capitalize on this public data breach to cause greater harm to victims, and open up those already victimized to even more risk.

U.S. doing an “adequate” job for Privacy Shield but could be doing more to protect the data transfer of EU users, including reform of the FISA regulations.

Researchers recently uncovered an IoT botnet that has infected more than 1M organizations. Can we survive the next DDoS attack and avoid a botnet apocalypse?

Recently released IAPP-EY Annual Privacy Governance Report 2017 shows that privacy governance is outpacing data breach reporting as a board-level concern.

The best path forward of a cashless society is one that recognizes the privacy and surveillance risks where money has become information and data.

SMBs paid ransomware hackers more than US$301 million last year. Hackers are finding it more lucrative to prey on SMBs without ransomware protection.

New Verizon rewards program will give you coffee, music and rides in exchange for your behavioral data for targeted ads. What's the price for your privacy?

Behavioral targeting relies on a host of third parties in a highly complex, dynamic environment. Is your digital marketing ready for compliance with GDPR?

Equifax breach demonstrates how data breaches are getting bigger and more frequent. Is identity theft protection no longer optional in the digital age?

Adjusting to life under the GDPR in 2018 will be difficult. But tech implications of the GDPR will drive greater growth of the digital economy, not less.

Organizations have more options for privacy tools as the privacy technology market shows strong signs of growth, primarily driven by compliance imperatives.

Emphasis of GDPR on a technology-based data governance approach will drive innovation and have a positive effect on the future trajectory of EU GDP.

With rising risks of Internet of Things, the draft of the NIST 800-53 revision 5 addresses IoT security and privacy challenges head on.

Virtual version of ‘The Happiest Place on Earth’ may not reflect that childlike innocence and joy. In fact, a lawsuit claims that Disney is ruthlessly gathering information through mobile apps for kids to target advertising and ‘other commercial purposes’.

With every new opportunity comes new challenges. How can innovative enterprises capture the vast potential and rise up to the challenge of big data privacy?

Congress has brought the controversial bill on internet surveillance back to the discussion room, and this time, Silicon Valley remains largely silent.

Big data in politics has become big news in the United Kingdom as the Guardian newspaper reports that the vote for the UK to leave the European Union saw two international companies manipulating public opinion through the use of big data mining techniques.

So how does the United States Air Force with over 5,000 aircraft in its inventory make sure that it’s online security is top notch? It’s simple – it invites people to hack its systems.

A customer filed a privacy infringement claim on Bose, claiming that the Bose Connect app is quietly gathering data on his listening habits and onselling that information a data mining company.

The rolling back of the broadband privacy rules set in place by the Obama administration only a short time ago should concern everyone with a stake in privacy. The Trump government has bowed to pressure from ISPs to allow them to in effect gather browsing data from customers – and then monetise that data through on…

New smart home devices like the Amazon Echo and Google Home are raising numerous legal and privacy issues, primarily because they are recording conversations that you have in your daily life. If you wouldn’t want your friend recording one of your conversations, would you want a digital device doing the same? In this…

Recently, we examined some of the challenges that companies face in terms of the evolving privacy and data protection landscape - and how these challenges may require a whole new breed of information security professional. In this second part of the series we unpack the argument for a new role combining Chief Security…

Are individuals more likely to allow use of their data when it’s ‘for the greater good’ – even if permission is not sought? It may be that they don’t have a choice. Even as data protection measures increase and regulatory bodies increase their ability to punish bad behaviour by data custodians, there are still some…

In this article, we examine how regulators in Asia are mandating the appointment of Data Protection Officers and how these appointees form only one part of a team that must be tasked with not only ensuring the integrity of data, but also in responding to breaches of security. We also touch on the consequences of team…