The health care provider Albany ENT & Allergy Services agreed to pay USD2.75 million to resolve claims of failing to protect patient information and failing to respond adequately to a cyberattack. The New York attorney general's office said USD500,000 of the amount is penalty-related while the rest will be invested into information security infrastructure.Full story
Fitness app Strava's location tracking tools that allow users to track their runs have also shown the location data of politicians and U.S. Secret Service members on its platform, the Guardian reports. France's President Emmanuel Macron, as well as U.S. officials, told government workers to stop using the app to prevent further location data from being tracked.Full story
The California Privacy Protection Agency announced plans for a data broker registration compliance sweep. Through its authority under the Delete Act, the agency will explore which defined data brokers operating in California remain unregistered following a prior 31 Jan. 2024 deadline. IAPP News Editor Joe Duball reports on the sweep with thoughts from CPPA Deputy Director of Enforcement Michael Macko.Full story
Since all organizations process at least a limited amount of sensitive personal information, such as employee data, Baker McKenzie Partners Helena Engfeldt, CIPP/E, CIPP/US and Justine Phillips write that complying with the California Consumer Privacy Act can "feel like assembling a tedious jigsaw puzzle." They explain the ways companies are lawfully allowed to process sensitive data without triggering the CCPA's opt-in or opt-out requirements.Full story
The European Data Protection Board published its agenda for its upcoming plenary meeting 4 Nov. Key agenda items include discussing the EDPB's report examining the European Commission's first review of the EU-U.S. Data Privacy Framework and discussing the reply from the EU AI Office on the EDPB's statement on the role of member state data protection authorities within the AI Act Framework. Full story
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, announced the winners of the Danilo Doneda Award for Scientific Articles. The award is a tribute to privacy and data protection scholar Danilo César Maganhoto Doneda and aims to acknowledge scholarly research into data security. Full story
Hong Kong's Legislative Council tabled the 2023-24 annual report by the Office of the Privacy Commissioner for Personal Data. The report reflects on the PCPD's efforts "to tackle the thorniest privacy risks associated with AI" and enforcement work that produced a "record-breaking surge in compliance actions, criminal investigations and arrests."Full story
India's Digital Personal Data Protection Act's draft administrative regulations will be notified prior to the 20 Nov. elections, Economic Times reports.
Turkey's data protection authority, the Kişisel Verileri Koruma Kurumu, launched an online module for data controllers and processors to fulfill notification requirements to complete cross-border data transfers using standard contractual clauses. The Personal Data Protection Board also deemed physical notification or registered electronic mail as acceptable notification methods.Full story
The Office of the Privacy Commissioner of Canada opened an inquiry into cyberattacks on the Canada Revenue Agency. The investigation will determine whether the CRA met its obligations under the Privacy Act after the agency allegedly experienced more than 30,000 privacy breaches since 2020. Full story