
New Consumer Privacy Rights for Oregonians: What You Need to Know

 

As of July 1, Oregonians have gained significant new consumer privacy rights under the Oregon Consumer Privacy Act (OCPA). This law, enacted in July 2023 but now in effect, results from four years of work by the Attorney General’s Consumer Privacy Task Force, a group of over 150 experts.  

The OCPA offers broad definitions of personal and biometric data and provides comprehensive protections for consumer data. It empowers consumers with control over their data and mandates businesses to adhere to high standards. 

Key rights for consumers include: 

1. Right to Know: Consumers can request a list of entities that have received their personal data. 

2. Right to Correction: Consumers can correct inaccuracies in their data. 

3. Right to Deletion: Consumers can delete data held by businesses. 

4. Right to Opt Out: Consumers can opt out of the sale of their data and of its use for profiling or targeted advertising.

5. Right to Data Portability: Consumers can obtain a copy of their personal data from businesses. 

The OCPA also introduces enhanced protections for sensitive data, which includes information on racial or ethnic background, health conditions, sexual orientation, and precise geolocation, among others. Businesses must obtain explicit consent before processing this data. Children and youth receive special protections. For children under 13, businesses must comply with the federal Children’s Online Privacy Protection Act (COPPA). For youth aged 13 to 15, businesses need "opt-in" consent for targeted advertising, profiling, or selling personal data. 

Attorney General Ellen Rosenblum highlighted the importance of the OCPA in keeping consumer protection laws up-to-date with technological advancements. She urged Oregonians to learn about their new rights and protections under the law. Businesses are required to be transparent about their data use, secure consumer consent for sensitive data collection, and protect children’s data. 

While some companies have already offered these protections, the OCPA now makes them mandatory. Not all businesses fall under this law, and certain industries with existing privacy regulations are exempt. However, for many Oregonians, the OCPA marks a significant step forward in managing and safeguarding personal data. 

CA Delete Act: Empowering Data Privacy

Governor Gavin Newsom has enacted the California Delete Act, marking a historic step for data privacy. The law represents a big step towards giving people more control over their personal information and was passed with resounding support from the state government.

The CA Delete Act, also known as Assembly Bill 375, is set to revolutionize the way businesses handle consumer data. It grants Californians the right to request the deletion of their personal information from company databases, putting the power back in the hands of the individual.

The bill's passage is being hailed as a major win for privacy advocates. It signals a shift towards a more consumer-centric approach to data handling. According to Governor Newsom, this legislation represents a critical move towards "putting consumers in the driver’s seat when it comes to their own data."

One of the key provisions of the CA Delete Act is the requirement for businesses to conspicuously display an opt-out option on their websites, allowing users to easily request the deletion of their data. This transparency ensures that consumers are fully aware of their rights and can exercise them effortlessly.

Furthermore, the legislation includes penalties for non-compliance. Businesses that fail to comply with deletion requests within the stipulated timeframe may face fines and other legal consequences. This aspect of the bill emphasizes the seriousness with which California is approaching data privacy.

Industry experts predict that the CA Delete Act could set a precedent for similar legislation on a national and even international scale. As businesses increasingly operate in a globalized digital landscape, the demand for comprehensive data protection measures is becoming paramount.

The significance of the CA Delete Act extends far beyond California's borders. It sends a clear message about the importance of prioritizing individual privacy in the digital age. As Joseph Jerome, a privacy expert, stated, "This law will likely serve as a catalyst for other states to take a harder look at consumer privacy."

Data privacy has advanced significantly thanks to the California Delete Act. Individuals now have the power to manage their personal information, which puts more responsibility and accountability on businesses to be open and honest about how they handle customer data. This historic law is a ray of hope for those defending privacy rights in the digital age, since it could influence comparable laws around the world.


Privacy Class Action Targets OpenAI and Microsoft

In a significant step, a new consumer privacy class action lawsuit has targeted OpenAI and Microsoft. This legal action is a response to alleged privacy violations in how they handled user data, and it could be a turning point in the continuing debate over internet companies and consumer privacy rights.

The complaint, which was submitted on September 6, 2023, claims that OpenAI and Microsoft both failed to protect user information effectively, infringing on the rights of consumers to privacy. According to the plaintiffs, the corporations' policies for gathering, storing, and exchanging data did not adhere to current privacy laws.

The plaintiffs accuse OpenAI and Microsoft of amassing vast quantities of personal data without explicit user consent, potentially exposing sensitive information to unauthorized third parties. The complaint also raises concerns about the transparency of these companies' data-handling policies.

This lawsuit follows a string of high-profile privacy-related incidents in the tech industry, emphasizing the growing importance of protecting user data. Critics argue that as technology continues to play an increasingly integral role in daily life, companies must take more proactive measures to ensure the privacy and security of their users.

The case against OpenAI and Microsoft echoes similar legal battles involving other tech giants, including Meta (formerly Facebook), further underscoring the need for comprehensive privacy reform. Sarah Silverman, a prominent figure in the entertainment industry, recently filed a lawsuit against OpenAI, highlighting the potentially far-reaching implications of this case.

The outcome of this lawsuit could potentially set a precedent for future legal action against companies that fall short of safeguarding consumer privacy. It may also prompt a broader conversation about the role of regulatory bodies in enforcing stricter privacy standards within the tech industry.

As the legal proceedings unfold, all eyes will be on the courts to see how this case against OpenAI and Microsoft will shape the future of consumer privacy rights in the United States and potentially serve as a catalyst for more robust data protection measures across the industry.

UGC Offers Cyber Security Program for UG&PG Students

 

The University Grants Commission (UGC) has released the undergraduate (UG) and postgraduate (PG) cyber security course syllabus as part of Cyber Jaagrookta Diwas 2022.

Cybersecurity as a discipline needs to be included at the undergraduate and graduate levels in all streams, UGC Chairman Professor M. Jagadesh Kumar remarked. The curriculum of these courses seeks to develop aware, receptive, and responsible digital citizens, thereby enhancing a robust ecosystem and posture for cyber security.

Higher Education Institutions (HEIs) may invite qualified professors or industry professionals/subject matter experts to take the lectures, practicals, and tutorials for these courses at the UG and PG levels in the classroom.

According to the UGC's syllabus, undergraduate students should learn fundamental and intermediate concepts, while graduate students should study intermediate and advanced concepts.

UG Cyber Security Course

  • Cybersecurity Introduction
  • Law and Cybercrime
  • Overview and security of social media
  • Online shopping and digital payments
  • Cybersecurity tools, techniques, and protection for digital devices

PG Syllabus for Cybersecurity

  • Introduction to Cyber Security
  • Online Crimes
  • Data Privacy & Security under Cyber Law
  • Management, compliance, and governance of cybersecurity

Vice-chancellors, principals, faculty members, and students from HEIs around the nation attended the occasion.

Additionally, Deepak Virmani, Deputy Secretary, Indian Cyber Crime Coordination Centre (I4C), Ministry of Home Affairs, gave a lecture on cybercrime prevention and the adoption of cyber hygiene. Among the subjects covered in the presentation were cyber hygiene, safeguarding digital personal funds, appropriate social media use, projected future cyberattacks, email security, mobile and internet security, and computer security.

Students will also be able to comprehend the cyber security threat landscape and have a greater grasp of numerous cyberattacks, cybercrimes, vulnerabilities, and cures after completing the degree program.

The purpose of the syllabus is to produce more responsible, responsive, and aware digital citizens. The fundamentals of cyber security and the threat landscape should be taught to students. Technical training and expertise for implementing and maintaining cyber security measures will be given to students. Students will learn more about and be more familiar with different kinds of cyberattacks.

Universities and colleges will offer the courses as elective or optional courses. It will also feature exercises on how to set privacy preferences on social media sites, file complaints about social media sites, and create password policies for computers and mobile devices, among several other things.



Digital Concentration Camp: Tech giants are playing God

Recent events in the United States have shown that the tech giants do not care about the constitution, and this is a cause for concern.

There are situations when half a dozen people who have created their own technological empires do not even want to know what rights they have in their state. They determine their own rights on the basis of so-called "corporate norms" and do not respect the constitution of their states. We have seen this clearly in the United States. This is, of course, a matter of serious concern.

In general, we are talking about the fact that several major multinational corporations - IT, media, pharmaceuticals, banks - plan to do what they want with people. As you know, the emergence of giant monopolies is a classic feature of any large-scale crisis of capitalism. Lenin wrote about this fascinatingly.

An excellent example of this was when Twitch, Twitter, Facebook, YouTube and Instagram previously blocked Trump's accounts for various periods of time due to his statements about the riots in Washington on January 6.

According to Vladimir Shapovalov, a member of the board of the Russian Association of Political Science, Trump and his supporters were deprived of the freedom to vote, the right to receive and disseminate information. But such a right is fundamental.

Another example is how the largest American airline Delta blacklisted almost nine hundred passengers for their "Trumpism". In November, the same company denied its services for life to a passenger who shouted slogans in support of Trump.

It's interesting to note that on one decision to ban Trump, Zuckerberg's company lost 5% of its value. However, they don't seem to care at all about profit. Uber, Snapchat, and Tesla record losses year after year. All they are interested in is the most severe control of their consumers.

It is worth noting that on January 17, Naavi, a veteran Cyber Law specialist in India, became a victim of the injustice of the monopolies. He published an interesting article, "Union Bank and RSA Fiasco", where he shared his experience and expressed his opinion about what is happening. It all started with the fact that his site was groundlessly accused of hosting a phishing script. The article about Union Bank, published on January 14, 2021, received a complaint from the RSA security service. As a result, the service provider M/s Square Brothers disabled not only the article page but the entire website www.naavi.org.

Readers in the comments advise Naavi to send a legal notice to RSA and UBI for defamation, DoS (disruption of legal rights) and various sections of the IT Act. The consensus among readers is that RSA and UBI consider themselves above the law and that they need to be made aware of their limits.

Moreover, even our E Hacking news portal has faced a similar issue. The cyber security company Comodo mistakenly marked the E Hacking news site as phishing. We even sent a false positive request from their website and also tried to contact them on their Twitter account. There was no reaction on their part.

Earlier, E Hacking news reported that a Russian IT company reportedly lost the contract in the USA because of serving sites with content from Trump supporters.

GDPR privacy law exploited to reveal personal data

About one in four companies revealed personal information to a woman's partner, who had made a bogus demand for the data by citing an EU privacy law.

The security expert contacted dozens of UK and US-based firms to test how they would handle a "right of access" request made in someone else's name.

In each case, he asked for all the data that they held on his fiancee.

In one case, the response included the results of a criminal activity check.

Other replies included credit card information, travel details, account logins and passwords, and the target's full US social security number.

University of Oxford-based researcher James Pavur has presented his findings at the Black Hat conference in Las Vegas.

It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance.

"Generally if it was an extremely large company - especially tech ones - they tended to do really well," he told the BBC.

"Small companies tended to ignore me.

"But the kind of mid-sized businesses that knew about GDPR, but maybe didn't have much of a specialised process [to handle requests], failed."

He declined to identify the organisations that had mishandled the requests, but said they had included:

- a UK hotel chain that shared a complete record of his partner's overnight stays

- two UK rail companies that provided records of all the journeys she had taken with them over several years

- a US-based educational company that handed over her high school grades, mother's maiden name and the results of a criminal background check survey.

Mr Pavur has, however, named some of the companies that he said had performed well.

Putin signed the law on the isolation of the Russian Internet (Runet)


On May 1, Putin signed a law on the isolation of the Runet. Thus, Russia will have its own Internet. And it will happen this year. Roskomnadzor (The Federal Service for Supervision of Communications, Information Technology and Mass Media) and other agencies are currently preparing relevant regulatory documents and technical means that will make the Internet in Russia autonomous and controllable.

Since 2014, relations between Russia and Western countries began to deteriorate rapidly. It became obvious that in the event of further escalation of the conflict, the Western partners of the Russian Federation can extend the policy of sanctions on any sphere of public life, including IT.

The threat of disconnecting Russia from the global Internet became real in 2018 when the US developed and approved a cybersecurity strategy. According to it, Russia and Russian hackers were declared one of the main threats to US cybersecurity. The text of the strategy states that the United States intends to punish those who represent a threat to US cybersecurity.

In addition to Russia, North Korea, China and Iran are enemies in the new US cybersecurity strategy. Two of these countries have already created their own sovereign Internet.

According to the Russian authorities, the main goal of the new law is to ensure the functioning of the Internet, even if someone decides to disconnect the Russian Federation from the relevant servers.

In accordance with the new law, all operators will be required to install additional equipment that should ensure the operation of the Internet throughout Russia without problems. Many experts already believe that the cost of the Internet for Russian citizens will grow by 10-20% because of this decision.

The new law determines that Roskomnadzor assumes all the authority for managing networks in case of threats to the Russian Internet. In addition, Roskomnadzor has the right to directly block websites with prohibited information.

Recently it turned out that one law on the isolation of the Russian Internet was not enough. Now the Government is developing a new bill. All networks in Russia are to be divided into three levels: local, regional and all-Russian. The connection to foreign networks will be only at the all-Russian level, and connection to the global Internet will be prohibited at the local and regional levels.

The law on the isolation of the Runet will come into force in November 2019. The State financed about 30 billion rubles ($460,000,000) for its execution. Critics of the law believe that it will introduce total censorship in Russia and, most importantly, that the Internet in Russia will become slower and more expensive.