retail data breach – InfoHive

Lege TREND. 3 Ways Tech Companies Lobbying Against Data Privacy laws

Carving out exceptions to the California Consumer Privacy Act
- The message: “addressing workability issues from a business compliance standpoint, to strengthening the law from a consumer and privacy protection standpoint”
Coalition of business entities including:
- Internet Association
- TechNet
- Consumer Technology Association
- Chamber of Commerce
- Large Tech Companies
- Wireless Association,
Plausible Deniability
- Tech Companies and associations are not attending technical…

Lege Trend. Data Broker Registries

Tim Cook (Apple) is recommending a Data Broker Registry.

What’s a data broker? they buy and sell data from third parties

So how would it work?

every consumer can opt into their data being collected or not
consumers would be able to remove their data from the registry
the FTC would house the registry and consumers could see what info is being collected and by whom

Why does this sound familiar? Because in 2018 informed:intel told you about the first in the nation data broker state law in VT,…

Lege TREND. Top Data Security State Legislation in 2019.

California Privacy Act. Will other states replicate it? Is it the US solution for GDPR?
Federal Preemption. Will Congress pass federal data breach notification standards?
Data Privacy Requirements for Internet of Things. Privacy standards for your home thermostat, etc… See California’s SB 327 (2018)
Will small businesses get a carve out bill? See S770 (115th Congress)
Federal Preemption of Data Encryption Standards for Business

Sc Media | Top cybersecurity legislation of 2019

Refreshing our Recollection | 5 States. 5 Data Protection Bills. Health Care. Retailers. Notifications.

California Consumer Privacy Act (AB375 | 2018 | CA)
- 2 year grace period
- follows the EU’s GDPR
Vermont ( H764 | 2018 | VT)
- toughest data collection disclosure bill in the US
- Data Broker Bill
Colorado (HB11-1128 | 2018 | CO)
- Strengthened its protections of “personal identifying information”
New Jersey (S1913 | 2016 |NJ)
- Shopper Privacy Bill
- limits retailer retention of consumer data
Washington (HB1493 | 2017 | WA)
- Protects more health data

The Hill | States are leading…

5 Points. Apple Desired Information Privacy Law.

tech companies should de-identify customer data or not collect customer data
comprehensive federal law is necessary
- why? tech companies that collect a lot of data are basically spies
people should have a right in their data, and a right to have that data minimized
consumers must be told what data is being collected & why
the data belongs to the users and users (consumers) should always have access to it

The gold standard law: GDPR in the EU

Ars Technica | Tim Cook Calls for Strong US…

Lege TREND. Requiring Consumer Goods with Unique Passwords. 3 Points You Need to Know:

California’s Internet of Things legislation, SB 327 (2018 | CA), requires consumer goods to:

come with a unique password per consumer good
passwords cannot be set to admin or password
in the alternative, consumer goods can require a statup procedure that requires the consumer to set a password

BBC News | Weak passwords banned in California from 2020

Lege TREND. Data Miner Regulations. Legislation proposal.

How a state can legislatively protect its residents from data miners:

apply laws not only to 3rd party data miners but also 1st party data miners that do have a direct relationship with consumers such as:
- retailers
- social media companies

Also, what is a data miner? an entity or person that collects and sells personal information from consumers with whom the broker has no direct relationship

Electronic Fronteir Foundation | Vermont’s New Data Privacy Law

Lege Trend. Legislation to Regulate Data BROKERS. 5 Point Legislative Plan.

States can enacted legislation to address Data Broikers by:

impose a fiduciary duty towards the consumers whose data they harvest and monetize
establish a government office to assist the victims of data breaches
compensation for their financial & non-financial injuries
require disclosures by data brokers like:
- consumer’s “right to know” what personal information a data broker has gathered
- how the broker obtained it
- to whom they sold it
require consumer consent for data…

Lege TREND. Scale Back Data Breach Notification Bills. Only Focus on Financial Sector. What you need to know.

Which groups don’t like the focus on the financial sector? Retailers, because it slows passage of across the board data breach notification statutes

What’s the purpsoe of focusing on the financial sector?

Find a solution for the Equifax breach

What are state officials saying? “He has consistently opposed federal legislation that would pre-empt state attorneys general, as this proposal appears to do.” — CT Attorney General

Inside Cybersecurity | A debate unfolds over narrow breach-notice…

5 States leading the way on Data Security Legislation. Medical Data. Retail Data. Data Businesses. All Businesses.

States are enacting more quickly and fully than the federal government on data security regulation. Here’s a look at the 5 states leading the way:

California Consumer Privacy Act (AB375 | 2018 | CA)
- 2 year grace period
- follows the EU’s GDPR
Vermont ( H764 | 2018 | VT)
- toughest data collection disclosure bill in the US
- Data Broker Bill
Colorado (HB11-1128 | 2018 | CO)
- Strengthened its protections of “personal identifying information”
New Jersey (S1913 | 2016 |NJ)
- Shopper…