Security News
Some states have enacted privacy laws, and the federal government has enacted industry-specific laws - HIPAA, Gramm-Leach-Bliley Act and FCRA - but there is no single, homogeneous enforceable set of data privacy guidelines that all US companies are required to follow. With the emergence of stronger privacy laws abroad, the absence of national data privacy regulation in the US is making it harder for US companies to compete for global partners.
If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account...
In organizations, Apple's App Privacy data can start a conversation about privacy-respecting apps as well as help IT leaders stop the use of apps that collect more data than necessary. For more details, see: How Apple's new App Store privacy requirements may affect users and app developers.
Mozilla is strengthening the privacy protections in Firefox with the implementation of Encrypted Client Hello, an evolutionary step from Encrypted Server Name Indication. In 2018, just after Cloudflare turned on Encrypted SNI, Mozilla added support for encrypting the Transport Layer Security SNI extension to Firefox Nightly.
Intel introduced Intel RealSense ID, an on-device solution that combines an active depth sensor with a specialized neural network designed to deliver secure, accurate and user-aware facial authentication. "Intel RealSense ID combines purpose-built hardware and software with a dedicated neural network designed to deliver a secure facial authentication platform that users can trust," said Sagi Ben Moshe, Intel corporate vice president and general manager of Emerging Growth and Incubation.
IPinfo announced the availability of its Privacy Detection API. This API detects various methods used to mask a user's true IP address, including VPN detection, proxy detection, tor usage, or a connection via a hosting provider, which could potentially be used to tunnel traffic and mask the true IP address. IPinfo performs custom full internet-wide scans to detect almost 10 million active VPNs. This is combined with data on public SOCKS and HTTP proxies, tor exit nodes, and its own IP usage type classification to determine which IP ranges belong to hosting providers.
OneTrust, a provider of privacy, security and data governance tools, announced a $300 million Series C funding round led by new investor TCV. The company's valuation has nearly doubled in the past ten months, jumping from $2.7 billion when the company announced its $210 million Series B round in early 2020, to a current valuation of $5.1 billion. OneTrust says that more than 7,500 customers, including more than half of the Fortune 500, use its technology to comply with ever-changing privacy, security, and compliance requirements.
Something else to consider are third-party vendors such as analytics providers, advertisers, and payment processors who collect data on the company's business website. Customers should be advised who collects what data and given access links to the appropriate privacy policies.
United Kingdom's Information Commissioner's Office has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. The UK independent authority urged organizations using compromised versions of the SolarWinds Orion IT management platform to check for evidence of attackers infiltrating their network and gaining access to personal information.
Facebook is again pushing back on new Apple privacy rules for its mobile devices, this time saying in full page newspaper ads that the social media giant is standing up for small businesses. In ads that ran in The New York Times, The Wall Street Journal and other national newspapers Wednesday, Facebook said Apple's new rules "Limit businesses' ability to run personalized ads and reach their customers effectively."