December 19, 2024

Issue 39 — Latest in privacy & security

In today's email…

  • Lessons from the SEC’s record-setting year
  • New phishing scam using corrupted Word docs
  • Japan’s new proposal for stopping cyberattacks
  • FTC accuses two data brokers of unlawful tracking
  • TerraTrue’s reimagined assessment templates feature unprecedented control
  • Upcoming webinars & events

  Latest in Privacy and Security

  • Phishing scammers are now using corrupted Microsoft Word docs and zip files to bypass security software. The docs, which mimic payroll or HR files promising employee benefits or bonuses, generally won’t trigger a virus scan. If a user opens the file, Word will ask if they want to recover the document. Once recovered, the doc shows a logo of the targeted business, along with a QR code that leads to a phishing site. Read more
  • Japan has lagged behind in cybersecurity, but that may be about to change. A new government proposal aims to curb major cyberattacks by:
      • Monitoring communications between Japan and other countries
      • Strengthening public-private security cooperation
      • Requiring infrastructure companies to report cyberattacks
      • Creating an independent body to oversee government cybersec efforts
      • Establishing a response system for cybersecurity emergencies. Read more

  Regulations / Fines

  • A proposed FTC settlement accused two companies of unlawfully tracking consumers and using the data to infer sensitive information. The FTC claims that:
      • Mobilewalla tracked political protestors, and attempted to unmask the targets’ race.
      • Gravy Analytics used data to deduce consumers’ health decisions and religious beliefs without consent.
    The proposed settlement would stop both from collecting or retaining sensitive location data. Read more
  • In 2024, the SEC charged $8.2 billion, its highest total on record, in spite of a 26% drop in enforcement actions. Here are a few takeaways:
      • Incentivize whistleblowing and self-enforcement: Whistleblowers were a major driver of federal enforcement actions in 2024, with the SEC alone handing out a total of $224 million in whistleblower awards. Create your own self-reporting and whistleblowing incentives for workers to share concerns, without fear of retaliation. If whistleblowers feel comfortable coming forward, you can fix compliance issues before they lead to costly enforcement actions.
      • Watch the regulatory environment: Enforcement actions, statements, new laws, and judicial rulings can tell you where the regulators are putting their focus — and where you should put yours.
      • Lead by example: Unless your leaders are invested in compliance, it’s going to be an uphill battle. Use regular training to make sure they understand what’s at stake, and how to remain in compliance.
      • Test your capabilities: Simulate breaches, audits, insider threats, and other regulatory and security events to make sure your system is ready.
      • Technology ties it together: Compliance automation dramatically reduces the workload, improves accuracy, and increases agility, keeping you ahead of your regulatory obligations.

  Feature Focus

  • TerraTrue has refined our assessment templates to give you unprecedented control. Our fully customizable DPIA, LIA, PIA, and TIA templates automatically populate assessment responses from your data specs. The templates preserve our simple and intuitive workflow, while making it easier to build complex assessment hierarchies to the precise needs of your organization. Read more.

 Upcoming Events

 Job Board

Upgrading Your Privacy & Security Program for 2025? Let us help you think through how to plan, budget, and design your program.