
Upgrade your career in 2 days


Coming to the Windy City this fall: training on privacy in the U.S. private sector. The class includes all the tools you’ll need, and if you decide to aim for a credential, you’ll have a head start.
October 18-19, Chicago, IL



Cook: Who’s responsible for all these data breaches?

With no shortage of data breaches affecting virtually every industry sector across the world, it can be easy to assign blame or say the vulnerability has been fixed. Yet these old answers to data breach issues no longer suffice. “Data breaches have become a fact of business; and as consumers, we’ve resigned to the idea that our information will be stolen soon, if it hasn’t already been compromised,” writes XOR Data Exchange President & CEO Mike Cook. In this post for Privacy Perspectives, Cook looks into who really should be responsible for all these seemingly endless breaches. The answer, he argues, may not be far from home.


EU planning $2B cybersecurity research investment

PCWorld reports the European Union wants a $2 billion investment into cybersecurity research. The EU is planning on contributing $500 million to it and is asking industry to contribute the remaining $1.5 billion. The European Commission fears the EU economy is susceptible to cyberattacks, saying the incidents "could undermine the digital single market and economic and social life as a whole." The $2 billion cybersecurity public-private partnership is “intended [to] boost cross-border research into cybersecurity, and to aid development of security products and services for the energy, health, transport and finance industries,” said the European Commission in a report published Tuesday. Developing strong levels of cybersecurity can also be a big advantage for the EU over other countries, the European Commission said, as IT security continues to accelerate in growth worldwide.


Op-ed: Cloud information deserves stronger privacy rights

In an op-ed for Bloomberg Law, Delta Air Lines Executive Vice President and Chief Legal Officer Peter Carter argues the cloud should be given similar protection from the government under the Electronic Communications Privacy Act as other forms of data storage. “It is incomprehensible to us that the government has the ability to secretly demand private information about anyone it investigates, so long as that information is stored remotely,” said Carter. The Delta executive, whose company serves 180 million customers, applauded Microsoft’s handling of government requests in its highly publicized case with the Justice Department concerning email data stored on servers in Ireland. “Americans have privacy rights regardless of where personal information is stored,” said Carter. “As we continue to move forward into a data-driven digital society, the cloud deserves the same legal protection as the office or home filing cabinet.”

Sponsored Content

New Research from the Ponemon Institute

Size doesn’t matter — all health care organizations are at risk for data breach. According to the recently released study from the Ponemon Institute, 90% of health care organizations experienced a data breach; and 45% of those organizations experienced more than five breaches within the last two years alone. It also found most organizations are unprepared to address new threats and lack adequate resources to protect patient data.



Tech coalition seeks elimination of EU ‘cookie law’

A large group of technology and telecommunications companies is pushing for the end of the European Union’s “cookie law,” Ars Technica reports. The European Commission was originally working to completely rework the current ePrivacy Directive, but the group now wants to see it eliminated altogether. “We believe that simplifying and streamlining regulation will benefit consumers by ensuring they are provided with a simple, consistent, and meaningful set of rules designed to protect their personal data,” said the group. “At the same time, it will encourage innovation across the digital value chain and drive new growth and social opportunities.” The group includes, among others, BT, T-Mobile, Netflix, Facebook, Google, Amazon, Microsoft, Apple, and BlackBerry.


Congressmen send recommendations to HHS on ransomware guidance

A pair of Congressmen have written a letter to the Department of Health and Human Services regarding the upcoming ransomware guidance planned by the HHS’ Office for Civil Rights, GovInfoSecurity reports. Reps. Ted Lieu, D-Calif., and Will Hurd, R-Texas, sent specific breach notifications and response recommendations for the guidance, specifically on the differences between ransomware attacks and other data breaches. "However, just because a ransomware attack qualifies as a conventional breach, that does not mean they should be treated the same or subject to the exact same risk assessment. One reason for this difference is that the effect of a ransomware breach is different," the Congressmen wrote. Hurd and Lieu said in ransomware attacks, "the threat is not usually to privacy, but typically to operational risks to health systems and potential impacts on patient safety and service."


Federal appeals court upholds shared password conviction

The 9th U.S. Circuit Court of Appeals in San Francisco upheld the conviction of an executive for illegally using an employee’s password to obtain information in violation of the Computer Fraud and Abuse Act, Reuters reports. The decision gives the Justice Department more flexibility to go after alleged password thieves under anti-hacking laws. Former Korn/Ferry International executive David Nosal was convicted of using his secretary’s password to take confidential data in order to start a new firm. Privacy advocates have watched Nosal’s case, fearing it could make it easier for law enforcement to prosecute individuals for simple password sharing. “The court is criminalizing conduct that ordinary Americans do every day online,” said Electronic Frontier Foundation lawyer Jamie Williams. Circuit Judge Margaret McKeown disagreed, saying criminals could escape prosecution after finding employees willing to “willy-nilly give out passwords.”

Sponsored Content

Global Guide to Data Breach Notification

The global data breach notification landscape is rapidly evolving and requirements are constantly changing. The expanded second edition of the World Law Group Global Guide to Data Breach Notifications, 2016 is a critical resource covering the latest developments every organization needs to successfully launch and support a global data breach response. Download the guide to access summaries of relevant law, data breach reporting requirements, contact information for relevant data protection authorities, and more, currently for 60 countries worldwide.


Researchers: GDPR may create ‘right to explanation’ on algorithmic decision-making

Certain sections of the GDPR, according to new research, could lead to a “right to explanation” on algorithmic decision-making, Fusion reports. Oxford researchers Bryce Goodman and Seth Flaxman wrote in a paper that portions of the GDPR could mandate how algorithms sort out information on individuals. The sections ban decisions “based solely on automated processing, including profiling, which produces an adverse legal effect concerning the data subject or significantly affects him or her,” meaning algorithms aren’t permitted to make negative decisions on their own. University of Washington law professor Ryan Calo, however, believes the use of the word “solely” does create a loophole. “All a firm needs to do is introduce a human — any human, however poorly trained or informed — somewhere in the system,” Calo said, adding, “Voila, the firm is no longer basing their decision ‘solely on automated processing.’”


Appeals court begins Section 702 case arguments

On July 6, the 9th U.S. Circuit Court of Appeals will consider whether the use at trial of evidence gleaned from personal communications, as permitted under foreign intelligence statute Section 702, is constitutional, Reuters reports. In a “first-of-its-kind case,” plaintiff Mohamed Mohamud is appealing his sentence of 30 years in prison for an attempted Portland, Oregon car bombing in 2010, maintaining that his seizure was illegal because law enforcement used surveillance tactics without a warrant, the report states. “Section 702 has been challenged before in court, but cases have generally been dismissed due to an inability to prove someone’s communications were actually caught up in the highly secretive programs,” the report adds.


Tanya Forsheit joins Frankfurt Kurnit Klein + Selz PC

BakerHostetler’s Tanya Forsheit, CIPP/US, has joined Frankfurt Kurnit Klein + Selz PC as partner and co-chair of the firm’s privacy and data security group in its Los Angeles office, the firm reports in a press release. Among Forsheit’s specialties is post-breach counsel, having worked on more than 100 data breaches and helping to defend clients “against allegations that they mishandled sensitive customer or employee information,” the report states. “Tanya is one of the country’s leading privacy and data security lawyers,” said Frankfurt Kurnit Managing Partner Jeffrey Greenbaum. “We are thrilled to have her join us.” Forsheit will also serve in the firm’s technology & digital media, advertising, and litigation groups, the report adds.

Sponsored Content

New Cybersecurity Litigation Treatise

Cybersecurity Litigation: Consumer Data Protection and Privacy is a new 700-page treatise containing in-depth discussion of the liability facing companies, boards of directors and other employees responsible for cybersecurity and the recent cases applying those principles. It also includes a summary of the statutory schemes and governmental guidance that govern or advise on this emerging area of law, as well as special chapters focusing on the financial services and health care industries.

IAPP Daily Dashboard readers receive a 15-percent discount! Use promotion code CYBIAP at checkout.


Facebook third-party data sharing case will move forward with one plaintiff

U.S. District Judge Ronald Whyte has ruled that plaintiff Wendy Marfeo’s suit against Facebook for allegedly sharing her information with a third-party site via “referrer headers” will move forward, Courthouse News Service reports. Whyte found “that she had suffered harm by Facebook sharing her personal and private information despite the tech company's many assertions it would not do so,” the report states. The judge did respect Facebook’s motion to dismiss co-plaintiff Katherine Pohl’s allegations that the company had shared her information with a third party, the report adds. "We are pleased that the court ruled in our favor and determined that the case should not proceed as a class action," said a Facebook representative.


Op-ed: The pros, cons of biometric security debated

Four different contributors debate the role of biometrics in banking in this multi-part op-ed from The New York Times. Biometric technologies are a more secure answer to the fragile password, writes one of the contributors, Twin Mill CEO Samir Nanavati. “They are quick and simple — users can authenticate in a fraction of a second,” he writes. Not everyone agrees. While the allure of biometric systems stems from their individuality, their permanence in light of a breach is problematic, the Electronic Privacy Information Center’s Claire Gartland writes. “It’s possible to replace a stolen credit card or bank account number, but how do you replace fingerprints, facial features or an iris?” she asks. “Instead of credit monitoring, will hacked companies offer their customers plastic surgery?” (Registration may be required to access this story.)


Infrared light could shut off forthcoming iPhones’ camera

Apple has been granted a patent for an unnamed system that allows those with infrared-capable devices to disable the filming capabilities of proximate iPhones, Tech.Mic reports. While the system was initially developed to prevent bootlegging of films or illegal filming of concerts, there is concern that law enforcement agencies could manipulate it. “Given how police have secretly adapted new kinds of technology, from Stingrays that can intercept text messages in transit to license plate scanners, it's not hard to predict how police could take [it] on as part of their arsenal, regardless of Apple's recent anti-surveillance track record,” the report states. At the time of publication, Tech.Mic was still awaiting a potential response from Apple.


Epic program at P.S.R.


Join us at Privacy. Security. Risk. 2016 to explore government-mandated backdoors in the session “Today’s ‘Golden Age of Surveillance’ and the ‘Going Dark’ Sunset.” It’s a phenomenal program—check it out!
Training and Workshops September 13-14
Conference September 15-16, San Jose, CA

July 6, 2016


Copyright© 2000–2019 International Association of Privacy Professionals.
The views in this eNewsletter, if any, are those of the authors and are not necessarily those of the IAPP.

75 Rochester Ave., Suite 4, Portsmouth, NH 03801 USA +1 603.427.9200
