Month: September 2019

Yesterday I had the opportunity to attend a PrivacyConnect CCPA & GDPR workshop put on by OneTrust. You can see the schedule of upcoming workshops here. The workshops are free and a great resource for getting up to speed on the CCPA & GDPR. They cover a lot of material, but take time to answer questions and provide a good opportunity for attendees to network as well. If you are in one of the workshop locations, you should make time to attend!

I came across this article from ZDNet in which Professor Richard Buckland (from the University of New South Wales) is quoted as saying, “Cybersecurity is like knowing good nutrition.” He goes on to explain that it is a set of skills that all of need to know, but in the normal population–outside of experts–hardly anyone understands. I think Professor Buckland makes a great point. People don’t understand cybersecurity, so the fact that you’re reading this and thinking about it puts you ahead of the curve. Now make sure you are using your knowledge to your advantage and protecting yourself and educating those around you. You should also be looking for ways to communicate it to others so they can understand too. If we all keep at it, eventually the world will start catching on to the global importance of cybersecurity.

An article on Dark Reading says that more than 99% of email-based cyberattacks require the victim’s assistance. The article is based on Proof Point’s 2019 Human Factor report. While it is not really surprising, it is a good reminder how important it is to be wary about what you click when you receive an email. Make sure you and your staff are taking an extra second to look for the signs of a phishing attack before you click. That extra second could save you time and money that would otherwise be spent trying to recover from a malware attack.

It is being widely reported today that Google has agreed to pay the FTC a $170 million fine for YouTube violating COPPA (Children’s Online Privacy Protection Act). The FTC has enforcement power over COPPA and the fine is the largest civil penalty the FTC has levied under COPPA, “dwarfing the previous record fine of $5.7 million that the agency levied this year against the owner of TikTok, a social video-sharing app.” New York Times. YouTube’s violation was collecting data about children under the age of 13 viewing videos and then using that data to profit by selling advertising targeting those users. Apparently, YouTube even told some advertisers that they were not violating COPPA because they had no viewers under the age of 13. Anyone with a phone or tablet and a toddler knows that statement is miles from the truth.

While some argue the fine is a mere slap on the wrist for Google, following on the heels of the $5 billion Facebook privacy settlement, it shows an increasing intolerance for privacy violations in the US. The fine may not really affect YouTube’s bottom line, but it serves as a warning that even the biggest corporations are going to be expected to comply with privacy laws. You can assume that the FTC hopes that smaller corporations that target children will think twice about their privacy practices and follow the law to avoid such fines.