Hello Friends,
Companies offering multiple services utilise stored data to cross-sell their other products and services are now a worried lot and seeking a legal opinion regarding the processing under Inida’s Digital Personal Data Protection Act, 2023.
Enjoy reading!
Privacy Enforcement
Morgan Stanley, US states reach $6.5M data security settlement
New York Attorney General Letitia James announced a USD6.5 million settlement with multinational financial firm Morgan Stanley after a multistate lawsuit claimed the company put consumer data at risk. State attorneys general from Connecticut, Florida, Indiana, New Jersey, New York, and Vermont claimed Morgan Stanley failed to decommission its computers and erase unencrypted data in certain computer devices that were later auctioned.
Data Breach
Greek real estate company managing government's properties suffers DDoS attack
The real estate company managing the assets of the Greek government sustained a Distributed Denial-of-Service attack on 8 Nov. Hellenic Public Properties reportedly informed both the Hellenic Data Protection Authority and National Cyber Security Authority that the DDoS attack had a limited effect on its operations and that it had not detected a data breach. In response to the attack, the opposition party called for a new national strategy to deal with cyber threats.
1.3M people in Maine affected by data breach, state says
Approximately 1.3 million people in Maine may have had their personal information compromised after the data transfer software MOVEit was hit by a Russian ransomware attack. The state says it has patched the breach and is offering free credit monitoring to those who were affected. Residents can call a hotline to see what data was compromised.
Privacy in Spotlight
Microsoft temporarily blocked employee access to ChatGPT
Microsoft briefly blocked employee access to ChatGPT after its internal technology department raised concerns about the software's security protections. Management again allowed access to ChatGPT about an hour later and said the restrictions were made in error. OpenAI, which created ChatGPT, is backed by Microsoft.
A review of Meta's ad-free subscription option for Instagram
Meta's new ad-free subscription service is like the company's attempts to comply with the European Data Protection Board's ruling restricting data collection for targeted advertising. A reporter found Instagram did show fewer ads, but data collection on account interactions and viewed posts reportedly remains a targeting tool
Regulations
Companies worried India's DPDPA is too strict
Some financial, health care, and telecommunications companies are considering legal action after the passage of India's Digital Personal Data Protection Act. The companies said the DPDPA's strict requirements around how personal data can be used and to delete that information if asked to do so will hurt their operations.
Independent UK data transfer council publishes international transfers report
The International Data Transfer Expert Council introduced an independent report to the U.K. Department for Science, Innovation and Technology with recommendations on the goals for sustainable international data transfers. The report details the importance of collaboration with the EU on personal data protection. The council's goal is to oster a more consistent global dialogue about where surveillance and government access could pose a risk of harm.
US lawmaker introduces parents' rights bill
U.S. Rep. Matt Gaetz, R-Fla., introduced the Parents' Right to Know Act that would allow parents access to school counseling and medical records. The bill was created in response to President Joe Biden's guidance in April on the Family Educational Rights and Privacy Act, which would require students to provide written consent for parents to see school health information.