All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted data breach notification laws. The first data breach law was passed in 2002 in California, and in 2018 the final two states, South Dakota and Alabama, passed their data breach laws. Some states require reporting of breaches to the
The UK Information Commissioner’s Office has published a new code of practice for online services directed to children, Age appropriate design: A code of practice for online services. The new code sets 15 flexible standards and gives specific explanations of how the GDPR applies to childrens’ online activities and pursuits. The code is not a
In a new National Academies of Science report on the emerging bioeconomy, Safeguarding the Bioeconomy, the authors did something a bit unexpected: they called out cybersecurity and sensitive data protections and practices as significant co-factors for economic success. In the past, these same data security and privacy factors may well have been discussed as obstacles to progress.
WPF Press Release: NIST has issued extensive scientific documentation of demographic effects in face recognition systems in its new report, Face Recognition Vendor Test Part 3: Demographic Effects. The detailed findings in the NIST report are troubling. World Privacy Forum calls on the face recognition industry to accept, acknowledge, and address the new NIST findings, and calls for new multistakeholder work as well as significant safety guardrails.
WPF is urging the National Institutes of Health to do more to properly advise the research community and to protect data subjects in its draft guidance on data management and sharing. WPF is asking for changes to the NIH guidance because in the US, much health research data in the hands of researchers is not subject to the privacy or security rules in HIPAA.
