After a long hiatus, I have finally found the urge and sudden excitement to dive back into the latest privacy and security news. Relatively to the title, I have also made a promise to all of you to be consistent and dedicated with providing awareness around security and privacy issues in the tech world, in addition to tips that will help you to be secured. Saving the best announcement for last but never least, Happy February 1st, which observes the beginning of Black History Month and its importance to the work black people around the world have done to get to where we are today.
As always, please feel free to suggest any topics or news related to Security and privacy in the tech world as we navigate new information and tips each week.
Diving right into today's title, it dawned on me how many articles surfaced related to promises being made to protect consumers' data, and the creation of laws to make more of a physical statement, if you will. Are these promises always followed through and actually kept? I've seen a number of articles, podcast episodes, and other results that suggest otherwise. No, we cannot 100% prevent data breaches given the knowledge, skills, and technology hackers have acquired in order to outsmart security systems and the best encryption there is, but what we can do is be honest with the consumers' data we consume, use, store, and even sell.
So let's take a look at a few promises that were not kept:
Federal regulators allege that Drizly, alcohol delivery app, and Rellas were alerted to security problems two years before Drizly's 2020 breach, yet failed to act to protect consumers’ data.
The Irish watchdog fined Meta-owned Instagram 405 million euros in September after it found that the platform mishandled teenagers’ personal information. Meta was fined 17 million euro fines in March for its handling of a dozen data breach notifications.
In 2021, the watchdog fined Meta’s chat service WhatsApp 225 million euros for violating rules on sharing people’s data with other Meta companies.
Twitter's former Security Chief came forth with serious allegations, one of which Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.
Sephora failed to tell customers that it was selling their personal information, failed to allow customers to opt out of that sale, and didn’t fix the problem within 30 days as required by the law, even after it was notified of the violation
Shall I continue? These are just a few examples from the past 2 years where well known companies have failed to protect their users' information AND in majority of the above, inform those users of data breaches that happened as a result of those false promises. What is the point of Privacy Notices, Privacy Policies, Terms of Use, etc. if companies don't abide by them? The answer is Privacy Laws, such as the California Consumer Privacy Act and European Union rules, known as General Data Protection Regulations. As long as we have these laws and practices in place, companies will have no choice but to be fined and face other consequences for not protecting our data, the worst of which is Brand Reputation.
For more information on the above bullet points listed, you can check out my sources below:
What are your thoughts on this topic? Subscribe to my blog if you haven't already and follow my Instagram - ToBeSecured for CyberTuesday vlogs. I have launched my YouTube channel and you can find me by simply typing Kassirer Dunn into the search engine. Thank you for tuning in and remember ToBeSecured!
Comentários