The Federal Trade Commission's proposed changes to its 14-year-old Health Breach Notification Rule come at a time when some advocates say stronger consumer data privacy protections are needed. But will the FTC potentially face legal challenges to its authority to make these sweeping changes?
The Federal Trade Commission on Thursday made a few bold moves to ramp up its oversight of data privacy. They include issuing a notice of proposed amendments to its Health Breach Notification Rule and releasing a policy statement warning of heightened scrutiny over the use of biometric information.
The French data protection authority on Tuesday signaled increased concerns over the privacy impacts of generative artificial intelligence and said issues such as data scraping raise data protection questions. Data scraping by AI companies is a flashpoint in the technology's rollout.
Fifteen months after Russia intensified its illegal invasion of Ukraine, experts say top cyber defense lessons policymakers and defenders should apply include focusing on resilience. Building for resilience acknowledges the inevitability of ongoing attacks.
The Federal Trade Commission has barred the developer of fertility tracking app Premom from sharing users' personal health data with third parties for advertising purposes and has fined the vendor $100,000 for alleged violations of the agency's Health Data Breach Notification Rule.
IBM has bought a startup founded by a longtime security leader in the Israeli Prime Minister's Office to ensure personal identifiable information isn't left unprotected. The deal will ensure sensitive data isn't exposed in public cloud data stores or SaaS apps like Slack, SharePoint or Office 365.
Huntress has completed a Series C round to expand beyond the endpoint protection market and bring managed security to identity and cloud. Hackers are increasingly going after employee accounts at SMBs and using the compromised identity to move into other systems via SSO, CEO Kyle Hanslovan said.
Organizations of all types have important work ahead to comply with Washington state's new My Health My Data Act, which pertains to any entity - inside or outside the state - that handles health data of consumers in the state, said Cat Kozlowski, attorney at law firm Polsinelli.
In the latest weekly update, ISMG editors discuss how the Feds have dismembered Russia's 'Snake' cyberespionage operation; the ongoing debate over privacy laws and regulations in the APAC region; and why more companies are banning the use of generative AI tool ChatGPT.
Crosspoint Capital Partners has joined Thoma Bravo and others in the take-private cybersecurity spree, agreeing to buy endpoint security vendor Absolute Software for $657 million. The deal will allow Absolute Software to expand from asset visibility and control to endpoint resilience and access.
A recently proposed federal rule would prohibit healthcare organizations from disclosing to law enforcement patient information related to obtaining or providing an abortion. If enacted, it will address longstanding loopholes in healthcare privacy, said attorney Kathleen McGee.
The purchase of promising early-stage startup Laminar by a large tech vendor would match many M&A deals seen in 2023. The downturn has made it tough for small startups to raise additional funding at an increased valuation, while the push for profitability has left big firms open to only tuck-in M&A.
In the annals of attempting to downplay the impact of a data breach, here's a new one: British outsourcing giant Capita says the hackers who hit it - steling data pertaining to customers, suppliers and employees - accessed "less than 0.1% of its server estate."
Federal authorities are warning healthcare sector entities of a rise in cyberattacks against Veeam's Backup & Replication software. Some incidents appear tied to exploitation of a high-severity vulnerability in the vendor's software in that was disclosed in March.
Attacks like Kaseya and SolarWinds have highlighted the supply chain risks and demonstrated how securing the supply chain can no longer just be considered a compliance function. It has evolved into a risk management function, said Fred Kneip, chief executive officer at CyberGRX.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.