October 31, 2024
Issue 36 — Latest in privacy & security
In today's email…
- Tips from the new CPPA dark pattern advisory
- FCC expands cooperation with states
- New CFPB rule aims for open, competitive banking
- SEC announces $7 million fine over inaccurate breach disclosures
- End-user error is still your biggest cybersecurity challenge
Here we go!
Latest in Privacy and Security
- The CPPA issued an advisory reminding orgs that dark patterns are illegal under the CCPA. Intent doesn’t matter; if your choices are potentially confusing to consumers, you’re at risk of enforcement actions. Make sure the choices you give consumers:
  - Use clear, easy-to-understand language
  - Avoid technical jargon
  - Are symmetrical — e.g., opting out should be no longer or more difficult than opting in
- The FCC’s Privacy and Data Protection Task Force is expanding a 2023 program to help states enforce data protections by partnering with State Attorneys General in 10 states and the District of Columbia. This nearly doubles the program, which began with 5 states and DC.
Regulations / Fines
- A new CFPB rule requires financial services to transfer personal info for free at the consumer's request. The Personal Financial Data Rights rule aims to create a more open, competitive financial market. Enforcement starts on 4/1/2026 for large companies, and 4/1/30 for the smallest institutions.
- The SEC fined four companies a combined $7 million for misleading consumers about the 2019 SolarWinds hack, with Unisys paying the largest fine ($4 million). The companies downplayed the hack in different ways, from not fully sharing the types of data compromised to entirely failing to disclose that they had been hacked.
- Human error is still the biggest problem in cybersecurity, according to a new survey of IT professionals. In the 2024 Kaseya Security Survey, 89% of IT pros believed end users were their main cybersecurity problem, split roughly equally between poor user practices and lack of end-user training.
Upcoming Events
- IAPP Europe Data Protection Congress | Nov 18, 2024 | Brussels, Belgium
- FutureCon Nashville | November 14, 2024 | Nashville, TN and Online
- FutureCon Boston | Nov 21, 2024 | Boston, MA and Online
- IAPP ANZ Summit 2024 | November 26-29 | Melbourne, Australia
- IAB State Privacy Law Summit | Nov 19, 2024 | New York City, NY
Job Board
- Chief Privacy Officer at Ancestry: Ancestry is seeking a VP & Chief Privacy Officer to oversee global and product privacy. The CPO will report to the General Counsel, and work with the board and management on compliance and strategic development.
- Privacy Program Manager at Roblox: Roblox is looking for an experienced Privacy Program Manager to join our Legal team! This is a full-time position based in San Mateo, CA (hybrid structure with 3 days onsite per week) and will report to the Head of Privacy, Legal.
- Director of Privacy at Microsoft: M+S Privacy is seeking a highly experienced Director of Privacy to lead and perform comprehensive privacy reviews for the tools and systems used across the Marketing and Microsoft Customer & Partner Solutions (MCAPS) organizations.
- Privacy Risk & Compliance Manager: Reporting to Rivian’s Senior Director of Privacy, you will help to lead Rivian’s privacy risk and compliance efforts worldwide, with a focus on Rivian products. You will work closely with product teams to promote privacy-by-design, perform risk assessment (e.g., privacy impact assessment), and support overall privacy program operations and growth.
Planning for Q1 2025?
- Let us help you design your privacy and security program the right way.