Canada’s GDPR Moment: Why the Consumer Privacy Protection Act is Canada’s Biggest Privacy Overhaul in Decades

This post covers six of the biggest issues in the bill: the new privacy law structure, stronger enforcement, new privacy rights on data portability, de-identification, and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice.

Larry Summers

It would be inappropriate for the SEC to mandate disclosure of tax-return documents, but it would be entirely reasonable for the SEC to require that a reconciliation of book and taxable income be included in regular financial reporting.

UK’s largest airline, easyJet, reveals January 2020 breach of 9 million customer records

All in all, approximately 9 million customers were affected by the EasyJet hack. The EasyJet disclosure also revealed that 2,208 of the 9 million affected customers had their credit card information accessed but nobody had their passport records accessed. easyJet breach affects 9 million customers.

Personal data of nearly 8,000 small business owners seeking relief loans may have been exposed to other applicants

The personal data of some small business owners seeking help via the Small Business Administration's Economic Injury Disaster Loan program may have been exposed to other applicants. The official said that 4 million small business owners applied for $383 billion in aid via the EIDL program and emergency grants.

Redditor Wins Fight to Stay Anonymous

The judge ordered disclosure of Darkspilver’s identity to Watch Tower’s lawyer, so the organization could try to shore up its legal claims. An opinion released Monday said, “The record establishes that Darkspilver made fair use of the Watch Tower ad and chart.

Analysis: Dotcom Appeal Dismissed

The court ruled as follows: “[72] Having assessed the disputed communications, we find that GCSB’s claim that disclosure would harm national security and international relations is well-founded.

Suspect can’t be compelled to reveal “64-character” password, court rules

Writing for the majority in a ruling handed down on Wednesday, Justice Debra Todd wrote: Based upon these cases rendered by the United States Supreme Court regarding the scope of the Fifth Amendment, we conclude that compelling the disclosure of a password to a computer, that is, the act of production, is testimonial.

Google Confirms Android Camera Security Threat: ‘Hundreds Of Millions’ Of Users Affected

“Our team found a way of manipulating specific actions and intents,” Erez Yalon, director of security research at Checkmarx said, “making it possible for any application, without specific permissions, to control the Google Camera app.

How safe are school records? Not very, says student security researcher

One of the more damaging issues Demirkapi found in Follett’s student information system was an improper access control vulnerability, which if exploited could have allowed an attacker to read and write to the central Aspen database and obtain any student’s data.

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

On June 24th after 90 days of waiting, the last day before the public disclosure deadline, I discovered that Zoom had only implemented the ‘quick fix’ solution originally suggested.

Reddit Commenter's Fight for Anonymity Is a Win for Free Speech and Fair Use

Accordingly, Watch Tower’s subpoena could not pass the well-established “Doe” test, which allows a party to use the courts to pierce anonymity only where they can show that their claims are valid and also that the balance of harms favors disclosure.

Detroit Police Used Cellphone Location Tracking Dozens Of Times In 2018

In October 2017, the Detroit Police Department (DPD) obtained a cell-site simulator, which is a type of surveillance technology that locates and tracks phones by mimicking cell phone towers.

The Challenges of Ethical Hacking – A Minefield of Legal and Ethical Woes

Depending on the organization that you’re dealing with, responses can range from positive, with interested engagement and proactive fixing of an issue, to dismissive and uninterested, to actively hostile and ready to pursue legal action.

Pentagon Says All of Google’s Work on Drones Is Exempt From the Freedom of Information Act

According to a Pentagon memo signed last year, however, no one at Google needed worry: All 5,000 pages of documents about Google’s work on the drone effort, known as Project Maven, are barred from public disclosure, because they constitute “critical infrastructure security information.”

Data Breaches

Stationary Device (STAT): Stationary computer loss (lost, inappropriately accessed, discarded or stolen computer or server not designed for mobility)

Unintended Disclosure (DISC): Unintended disclosure (not involving hacking, intentional breach or physical loss – for example: sensitive information posted publicly, mishandled or sent to the wrong party via publishing online, sending in an email, sending in a mailing or sending via fax)

Unknown

617 million stolen records up for sale on dark web

The Register says the number of accounts from the following websites are for sale on the dark web: “The biggest risk of targeted individual attacks against the victims, however, is probably already in the past: now the buyers will likely conduct large-scale phishing and malware campaigns without a high degree of sophistication,” predicts Kolochenko.

Parenting site Mumsnet hit by data breach

Parenting site Mumsnet has reported itself to the UK's data protection watchdog after an upgrade let some people see details of other accounts.

Thousands of industrial refrigerators can be remotely defrosted, thanks to default passwords

More than 7,000 vulnerable temperature controlled systems, manufactured by U.K.-based firm Resource Data Management, are accessible from the internet and can be controlled by simply plugging in its default password found in documentation on the company’s website, according to Noam Rotem, one of the security researchers who found the vulnerable systems.

LibreOffice patches malicious code-execution bug, Apache OpenOffice – wait for it, wait for it – doesn't

After trying various approaches to exploit the vulnerability, Inführ found that he could rig the event to call a specific function within a Python file included with the Python interpreter that ships with LibreOffice.

Canadian Privacy Laws: A Primer

The Act also applies to the Government’s collection, use and disclosure of personal information in the course of providing services.”[1] Personal Information Protection and Electronic Documents Act (the “PIPEDA”) and Provincial Privacy Acts: The PIPEDA and Provincial Privacy Acts set out “the ground rules for how private-sector organizations collect, use, and disclose personal information in the course of for-profit, commercial activities across Canada.

The Internet Is A Privacy Disaster. But We Still Don't Know How To Talk About It.

One of the most shocking claims revolved around Facebook partner contracts that allegedly allowed Netflix and Spotify to “read, write, and delete users’ private messages.” This raucous parade of privacy missteps has stoked a growing collective outrage about tech companies playing fast and loose with personal information we have assumed they would properly secure and protect from misuse.

A thread written by @The3Million

1/ The @ukhomeoffice is forcing every EU citizen applying for Settled Status to accept its Privacy policy that allows it to share all data with "public and private sector organisations in the UK and overseas".

D.C. Attorney General Sues Facebook

The D.C. Attorney General filed a complaint against Facebook under the D.C. Consumer Protection Procedures Act, making D.C. the first U.S. jurisdiction to take action against the company for the mishandling of user data that led to Cambridge Analytica.

A new standard for government based data collection – PrivaSecTech

I would like to see every government organization publish whom they have shared personal information with. In summary, related to the specific case at hand, I feel that StatsCan like every other organization in Canada, including political parties, should be bound by privacy laws.

Fortnite Android App Vulnerable to Man-in-the-Disk Attacks

They refused, creating an unnecessary risk for Android users in order to score cheap PR points," Sweeney said on Twitter, referring to one of his engineers' request to Google to hold off from publishing for 90 days so Fortnite users could update their apps.

Telling the Truth About Defects in Technology Should Never, Ever, Ever Be Illegal. EVER.

The worst of these actors use threats of invoking CFAA and DMCA 1201 to silence researchers altogether, so the first time you discover that you've been trusting a defective product is when it is so widely exploited by criminals and grifters that it's impossible to keep the problem from becoming widely known.