New York’s first Chief Privacy Officer Michele Jones said her state was “starting from the beginning” to protect residents’ privacy, Government Technology reports. Jones, who began her role two months ago, was appointed to the executive leadership team of the New York Office of Information Technology Services. During a panel at the National Association of State Chief Information Officers annual conference, Jones said a federal privacy law would make for a “uniform approach” to privacy for states to follow. Full Story
Author: Nora Reidy
Google expanded its search removal requests to include additional personally identifiable contact information, ZDNet reports. While users are able to request removal of certain sensitive information, they can now request data including phone numbers and email and physical addresses to be removed from search results, as well as information that may pose identity theft risks. In a blog post, Google Search Global Policy Lead Michelle Chang said, the updates “give people the tools they need to protect their safety and privacy online.” Full Story
U.S. college students had personal information unknowingly sent to Facebook when they applied for federal financial aid while applying to college, The Markup reports. The information, including full names, email addresses and zip codes, was transferred to Facebook through its Meta Pixels embedded in code on the U.S. government website where students fill out the Free Application for Federal Student Aid. Full Story
The Connecticut General Assembly gave final approval on what will be the U.S.’s fifth comprehensive state privacy law. Senate Bill 6, the Connecticut Data Privacy Act, earned final passage Thursday with a 144-5 vote by the House of Representatives following a 35-0 Senate approval April 20. The legislation will become law with a signature from Gov. Ned Lamont, D-Conn., or once 15 days have passed following adjournment of the current legislative session. IAPP Staff Writer Joe Duball provides reactions to the passage, the bill’s substance and its standing among the handful of existing state laws. Full Story
Utah became the fourth U.S. state to pass comprehensive privacy legislation when Gov. Spencer Cox, R-Utah, signed the Utah Consumer Privacy Act March 24. IAPP Westin Research Fellow Taylor Kay Lively, CIPP/US, writes the UCPA primarily draws from the Virginia Consumer Protection Act, but overall, takes a more “business-friendly approach to consumer privacy” compared to California, Colorado and Virginia. The law will apply to data controllers or processors who either conduct business in Utah or market products to state residents, and grosses more than $25 million in annual revenue. Full Story
The regulatory landscape for privacy and data protection in the U.S. is ever-changing. The IAPP Resource Center aims to keep privacy professionals in the know with a section dedicated to federal and state privacy updates. The page carries a link to the IAPP “US State Privacy Legislation Tracker,” which is updated weekly with the latest bill introductions and status updates. You’ll also find white papers and original articles related to potential and existing privacy legislation. Full Story
On July 8, 2021, the state of Colorado officially enacted the Colorado Privacy Act following Gov. Jared Polis, D-Colo., signing the bill. In passing the law, Colorado became the third U.S. state, following California in 2018 and Virginia earlier this year, to enact comprehensive privacy legislation. Read More
The rally for heightened U.S. enforcement against so-called “dark patterns” pushed forward Monday with a group of state attorneys general filing or preparing to file lawsuits over alleged dark patterns linked to Google’s location data practices. Washington, D.C., Attorney General Karl Racine announced he and attorneys general from Indiana, Texas and Washington State were staging a coordinated effort to address Google’s alleged work on “deceiving and manipulating consumers to gain access to their location data.” Read More
Friday, Jan. 28 is Data Protection Day (in the EU) or Data Privacy Day (in the U.S.). Initiated by the Committee of Ministers of the Council of Europe in 2006, Jan. 28 was chosen for Data Protection Day because it marks the anniversary of the opening for signature of the Council of Europe’s Convention 108 in 1981. Convention 108 holds special status as the first legally binding international agreement on data protection and continues to influence data protection laws around the world to this day. IAPP Senior Westin Fellow Müge Fazlioglu, CIPP/E, CIPP/US, takes a closer look at the significance…
Last year saw the highest number of recorded data breaches, CNET reports. Citing the Identity Theft Resource Center’s 2021 Data Breach Report, there were 1,862 breaches last year, up 68% from the year prior, and exceeded 2017’s previous record of 1,506. The targeted entities included oil pipeline operators and companies that protected sensitive personal information. The overall number of affected people decreased 5% last year, which ITRC attributed to cybercriminals shifting their focus to smaller, concentrated attacks, as opposed to large-scale data theft. Full Story