Security News

Facebook has agreed to pay a Can$9 million fine for making false or misleading claims about its privacy settings, Canada's competition watchdog announced Tuesday. An investigation of the social media network's practices from 2012 to 2018 found that the company gave Canadians the impression that users could control who saw their personal information on Facebook and Messenger.

The complaint alleged that TikTok violated a previous agreement with the FTC, where it had vowed to remove all videos previously uploaded by children under the age of 13 and make stronger efforts to request parental consent when collecting children's personal data. TikTok's previous agreement came after it was slapped with a $5.7 million FTC fine for violating the Children's Online Privacy Protection Act, which sets privacy rules for operators of websites or online services directed to children under 13 years of age.

On Friday, the Dutch Data Protection Authority announced that it's launched an investigation into how TikTok handles user privacy. The rise of TikTok has led to growing concerns about privacy.

In early March, as COVID-19 impacted areas of the U.S., new healthcare data rules were issued by the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology and Centers for Medicare & Medicaid Services to "Give patients unprecedented safe, secure access to their health data" so that they can better manage their care. Under the purview of HIPAA and new breeds of state privacy laws and regulations, these apps will need to be built with security and privacy in mind, governed with the right controls, and provide appropriate patient verification and authentication.

HID Global, a worldwide leader in trusted identity solutions, and Keyfactor, a provider of secure digital identity management solutions, announced a collaboration that will improve how organizations secure data and protect privacy. Transport Layer Security/Secure Sockets Layer certificates establish an encrypted connection between a browser or user's computer and a server or website to ensure data security, privacy and authenticity.

Many online training sites are offering significantly reduced prices on training programs during the month of May. This roundup includes free courses for people who are new to cybersecurity as well as specialized courses about security for the Internet of Things and California's new privacy law. Free online courses for security basicsIf you're not ready to spend money on cybersecurity training, take a look at the SANS Cyber Aces Online Courses.

The California Consumer Privacy Act is a lesson in missed opportunities. In September 2017, Alastair Mactaggart and Mary Ross proposed a statewide ballot initiative entitled the "California Consumer Privacy Act." Ballot initiatives are a process under California law in which private citizens can propose legislation directly to voters, and pursuant to which such legislation can be enacted through voter approval without any action by the state legislature or the governor.

These days, Josh is writing about the future of data policy and ownership, which are important issues for everyone that's really involved in the development of a new app or a system, from developers to project managers and everybody in between so that's why he's here talking about some of those things that developers need to know about data collection. One thing that we really need to start looking at it differently is the separation between data ownership and data privacy and data security because a lot of times I feel when people are talking about this, it gets all balled up into one.

In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.

People can generally hear audio frequencies ranging from 20 Hz and 20,000 Hz, though individual hearing ranges vary. Samuel Weiler, a web security engineer with MIT CSAIL and a member of the W3C's Privacy Interest Group, recently pushed to re-open a discussion about limiting the Web Audio API so that it cannot be used to generate or listen for ultrasonic signals without permission.