October 31, 2024

Issue 36 — Latest in privacy & security

In today's email…

  • Tips from the new CPPA dark pattern advisory
  • FCC expands cooperation with state
  • New CFPB rule aims for open, competitive banking
  • SEC announces $7 million fine over inaccurate breach disclosures
  • End-user error is still your biggest cybersecurity challenge

Here we go! 

 Latest in Privacy and Security

  • The CPPA issued an advisory reminding orgs that dark patterns are illegal under the CCPA. Intent doesn’t matter; if your choices are potentially confusing to consumers, you’re at risk of enforcement actions. Make sure the choices you give consumers:
      • Use clear, easy-to-understand language
      • Avoid technical jargon
      • Are symmetrical — e.g., opting out should be no longer or more difficult than opting in
  • The FCC’s Privacy and Data Protection Task Force is expanding a 2023 program to help states enforce data protections, by partnering with State Attorneys General in 10 states and the District of Columbia. This nearly doubles the program, which began with 5 states and DC.

  

Regulations / Fines

  • A new CFPB rule requires financial services to transfer personal info for free at the consumer's request. The Personal Financial Data Rights rule aims to create a more open, competitive financial market. Enforcement starts on 4/1/2026 for large companies, and 4/1/30 for the smallest institutions.
  • The SEC fined four companies a combined $7 million for misleading consumers about the 2019 SolarWinds hack, with Unisys paying the largest fine ($4 million). The companies downplayed the hack in different ways, from not fully sharing the types of data compromised to entirely failing to disclose that they had been hacked.
  • Human error is still the biggest problem in cybersecurity, according to a new survey of IT professionals. According to the 2024 Kaseya Security Survey, 89% of IT pros believed end users were their main cybersecurity problem, split roughly equally between poor user practices and lack of end-user training.


Job Board

  • Chief Privacy Officer at Ancestry: Ancestry is seeking a VP & Chief Privacy Officer to oversee global and product privacy. The CPO will report to the General Counsel, and work with the board and management on compliance and strategic development.
  • Privacy Program Manager at Roblox: Roblox is looking for an experienced Privacy Program Manager to join our Legal team! This is a full-time position based in San Mateo, CA (hybrid structure with 3 days onsite per week) and will report to the Head of Privacy, Legal.
  • Director of Privacy at Microsoft: M+S Privacy is seeking a highly experienced Director of Privacy to lead and perform comprehensive privacy reviews for the tools and systems used across the Marketing and Microsoft Customer & Partner Solutions (MCAPS) organizations.
  • Privacy Risk & Compliance Manager: Reporting to Rivian’s Senior Director of Privacy, you will help to lead Rivian’s privacy risk and compliance efforts worldwide, with a focus on Rivian products. You will work closely with product teams to promote privacy-by-design, perform risk assessment (e.g., privacy impact assessment), and support overall privacy program operations and growth.

 

Trust meme of the day

Planning for Q1 2025?

  • Let us help you design your privacy and security program the right way.