Security News
Unexpectedly, in December, Apple published a blog thanking Google for suggesting some changes to ITP which they'd implemented in Safari as part of December's iOS 13.3, and Safari for macOS 13.0.4 updates. Any site can issue cross-site requests, increasing the number of ITP strikes for an arbitrary domain and forcing it to be added to the user's ITP list.
An internet privacy firm says it was able to access private personal information of more than 30,000 medical marijuana patients, recreational pot customers or dispensary employees in several states. The privacy firm was searching for unsecured data online and says the database has now been secured.
Online services could help to prevent that and other types of harm that are befalling kids, but they aren't doing enough, the UK's data watchdog says. On Tuesday, the ICO published a code to ensure that online companies do just that - protect kids from harm, be it showing kids suicidal content, grooming by predators, illegal collection and profiteering off of children's data, or all the "Smart" toys and gadgets that enable children's locations to be tracked and for creeps to eavesdrop on them.
Verizon has slung out a new, privacy-focused search engine in an effort to win over customers who prefer not to have their browsing habits tracked by ad-slingers and the like. Three years ago, it bought Yahoo! and two years before that, AOL, in a ham-fisted effort to woo millennials away from Facebook and Google - which it later rebranded as Oath and then the Verizon Media Group.
Artificial intelligence - more specifically, the machine learning subset of AI - has a number of privacy problems. There is currently a fine line that AI developers must walk to create useful systems to benefit society and yet avoid violating privacy rights.
Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. In December, KrebsOnSecurity pointed out the new iPhone 11 line queries the user's location even when all applications and system services are individually set never to request this data.
NIST has released a Privacy Framework to help you get your house in order. The brand new Privacy Framework 1.0 is the equivalent document for protecting peoples' personal privacy.
The National Institute of Standards and Technology last week announced version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks. NIST published a preliminary draft of the Privacy Framework in September 2019, when it requested public feedback.
The publication also provides clarification about privacy risk management concepts and the relationship between the Privacy Framework and NIST's Cybersecurity Framework. The NIST Privacy Framework is not a law or regulation, but rather a voluntary tool that can help organizations manage privacy risk arising from their products and services, as well as demonstrate compliance with laws that may affect them, such as the California Consumer Privacy Act and the European Union's General Data Protection Regulation.
Osano, a company building the first platform for data privacy transparency, has automated the compliance process for the California Consumer Privacy Act. By automating data privacy for businesses, Osano relieves the cognitive overhead on businesses and sets them up for a productive decade ahead. Activated January 1, 2020, the CCPA enables California residents to demand the sharing or deletion of data held by businesses that meet certain revenue, data-sharing or sales thresholds.