Tag:Privacy & Security
The Downfall of Twitter: Layoffs Rocking Big Tech
Over the last several weeks we have seen mass layoffs across big tech, including Salesforce, Twitter, and Meta. This comes after big tech peaked during the COVID-19 pandemic when it was essential to the nation in keeping us virtually connected. During the lock down tech giants’ profits soared as consumers upgraded devices, maximized increased storage, and were forced to get creative in communicating in the workspace. However, inflation, rising interest rates, and digital spending are driving big tech companies to implement large-scale layoffs as the economy prepares to take a downturn. While Meta CEO, Mark Zuckerberg, described the announcement as one of his hardest decisions, Twitter CEO, Elon Musk, has taken a different approach, causing continuous chaos that has led to compliance risks.
Federal Trade Commission Accuses Chegg of “Careless” Data Security
On Monday, October 31, the U.S. Federal Trade Commission (FTC) called on education technology provider Chegg, Inc. (Chegg) to bolster its data security, citing lax security practices that regulators said exposed the personal data of more than 40 million Chegg users. The exposed personal information included names, email addresses, passwords, and for certain users, sensitive scholarship data such as dates of birth, parents’ income range, sexual orientation, and disabilities.
The Need for Federal Regulation of Tracking Pixels to Protect Patient Data
In June 2022, a nonprofit news site called The Markup released a report stating that hospitals using Meta Pixel may be releasing patient data to Meta Platforms, Inc. (previously Facebook, Inc.). Since this report was released, many of the hospitals identified in the report removed pixel technology from their websites. In addition, some hospitals have released public breach notices and reported potential data privacy breaches to the US Department of Health and Human Services (HHS) Office of Civil Rights (OCR). Most recently, on October 20, 2022, Advocate Aurora Health, a large health system located in the Midwest, released a notice publicly announcing its potential pixel breach, which may affect as many as three million patients.
Twitter Whistleblower Exposes FTC’s Ineffective Efforts to Protect User Data
Danielle McNamara Senior Editor Loyola University Chicago School of Law, JD 2023 In July 2022, former Twitter board member Peiter Zatko filed a complaint against Twitter, alleging that the social media platform failed to develop a security system consistent with the Federal Trade Commission’s (FTC) requirement to implement a comprehensive information-security program, established in 2011. …
Read more
A Collaborative Effort in Defeating Healthcare Cyber Attacks
In an effort to improve cybersecurity in the healthcare sector, a bipartisan bill was introduced in Congress on September 13, 2022, by Republican Brian Fitzpatrick of Pennsylvania and Democrat Jason Crow of Colorado. The Healthcare Cybersecurity Act relies on a partnership between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together in improving cybersecurity in the healthcare sector. The Act has been introduced as a result of record high increases in health data breaches across the country over the last several years. The goal is to provide resources for training and heighten efforts taken across the nation to mitigate cybersecurity risk. The Act would not only improve patient care but save healthcare cost by taking a proactive approach.
SEC Proposes Rules to Combat Cyber-Attacks
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. In an attempt to further protect against cybersecurity attacks and increase cyber transparency among issuers and investors President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Before CIRCIA goes into effect, it requires the Cybersecurity and Infrastructure Security Agency (CISA) to complete mandatory rulemaking activities, to develop/publish a Notice of Proposed Rulemaking (NPRM), and a final rule. The SEC proposal and CIRCIA both have different implications, but both will increase cybersecurity regulations and procedures, even making employees more conscious of potential attacks.
Artificial Intelligence: The Next Regulatory Frontier
Until recently, Artificial Intelligence (AI) was the domain of science fiction connoisseurs and Silicon Valley tech savants. Now, AI is ubiquitous in our daily lives, with a seemingly endless number of possible applications. As with any new and emerging technology, there are many novel questions and concerns that need to be addressed. Whether it be related to copyright ownership, ethics, cybersecurity obstacles, or discrimination and bias, concerns surrounding AI usage are mounting. AI system regulation has been rapidly increasing worldwide, while the U.S. regulatory landscape has remained relatively sparse. But it won’t be for long.
Mismanagement of Client Data Results in a $35 Million Fine for Large Investment Company
Juhi Desai Associate Editor Loyola University Chicago School of Law, JD 2024 Morgan Stanley Smith Barney (“Morgan Stanley”), a leading investment company, found itself in hot water after complaints of a data breach. In 2015, Morgan Stanley allegedly auctioned off devices that contained sensitive information. On September 20, 2022, the U.S. Securities and Exchange Commission …
Read more
Technology Giants Facing Historical BIPA Violations
A settlement has been reached in a $100 million dollar class action lawsuit against Google impacting an estimated 1.4 million Illinois resident users. The order comes as a result of Rivera, et al. v. Google LLC , where users photographs appeared in the storage application service, known as Google Photos, without having acquired proper consent nor provided notice to its users. Google is only one of many technology giants joining trending litigation in violation of the Biometric Information Privacy Act (BIPA). While this settlement is one of the largest in Illinois to date, one can expect there to be more class-action lawsuits on the way.
The Long Road Toward Federal Data Privacy
In June of this year, the U.S. House Committee on Energy and Commerce’s Subcommittee on Consumer protection and Commerce met regarding the American Data Privacy and Protection Act (ADPPA). At this meeting the committee members highlighted that this bill, seeking to establish federal data privacy, is intended to be a compromise on the topic of federal privacy legislation as committee members from both sides agree that a federal privacy act is necessary.