At a glance.
- Distance learning against privacy.
- Facebook attempts to get privacy right with VR.
- Contact tracing remains suspect in people's minds.
- More disclosures related to the Blackbaud breach.
- Comment on Brazil's data protection law.
Distance learning challenges privacy.
Students are facing a perfect storm of privacy threats: overwhelmed districts, teachers with limited data security training, bottom-up technology decisions, ed tech designed for ease of use instead of security, and what the executive director of the Campaign for a Commercial-Free Childhood calls “woefully insufficient” FTC enforcement of the Children's Online Privacy and Protection Act (COPPA), Axios reports. COPPA regulates the behavior of web pages and services, not schools, and schools are permitted to make non-commercial decisions about students’ data. Eleven states have additional privacy protections in the form of “two-party consent” laws that require permission from all participants for a conversation to be recorded, Digital Media Law Project says. The chief concern is minors’ data landing “in the wrong hands,” but bullying is another worry, the New York Times points out.
Facebook gets privacy right with augmented reality glasses?
An Information Technology and Innovation Foundation (ITIF) press release praises the “proactive measures aimed at protecting participant and bystander privacy from the outset” of Facebook Reality Labs’ augmented reality (AR) glasses project, expressing hope that “Project Aria” will set the tone for sector standards going forward and help work out privacy kinks before widespread societal adoption of AR technology. Facebook says this generation of Aria glasses will only “encrypt, compress, and store data until it’s uploaded to our separate, designated back-end storage systems.” Glasses guinea pigs are trained not to record bathrooms, places of prayer, and sensitive situations, and can’t view raw data, but they can access “low-resolution thumbnails.” Faces and license plates will be blurred before the data is further handled.
The US might adopt some form of contact tracing, but a lot of people won’t like it.
A July poll of two thousand US adults found that the majority believe contact tracing apps work and would disclose their health information, but do not trust the data protection safeguards of government and technology company apps and would not feel better if the government set general privacy guidelines, Virtru reports. Generational differences were apparent. Millennials demonstrated the most faith in the technology’s privacy and efficacy, and Boomers the least.
Blackbaud breach fallout continues.
Four hospitals in Minnesota and one in Maine join the roster of those potentially affected by a Blackbaud breach impacting over 3 million people, according to Bring Me The News and WGME. “Full names, addresses, phone numbers, ages, dates of birth, genders, medical record numbers, dates of treatment, locations of treatment, names of doctors and health insurance status” may have been accessed in a thwarted ransomware attack. Software vendor Blackbaud doesn’t think the swiped data will be abused or circulated; five class action suits filed by Minnesota, California, and Florida donors say impacted parties remain displeased, per the Chronicle of Philanthropy.
Brazil's data protection law, Lei Geral de Proteção de Dados (LGPD), is now in effect.
Add LGPD to GDPR and CCPA. Brazil's general data protection law, the Lei Geral de Proteção de Dados, took effect yesterday. We heard from Cindy Provin, General Manager of nCipher Security and Senior Vice President of Entrust, who offered some thoughts on how enterprises might establish roots of trust during this implementation.
"Data compliance regulations such as Lei Geral de Proteção de Dados (LGPD) have put data protection and encryption at the forefront of customers’ security strategies, especially within the financial services and telecom industries, government, and with organizations pursuing a cloud-first strategy. Effective encryption strategies require strong key generation and management and the best practice is to store those keys in an HSM.
"Encryption protects sensitive information including financial data, government IDs and Social Security numbers by making it unreadable, but if you fail to protect the encryption keys it’s like locking your front door and leaving the keys under the mat. When businesses employ encryption and key management, they are better positioned to win and keep customers everywhere. A robust root of trust must be established to ensure that the keys and credentials that underpin the security of the encryption solutions deployed are always protected. Hardware security modules (HSMs) can enable that, acting as the root of trust to store and manage encryption keys and credentials."