Washington State legislators passed a new Data Breach bill, HB 1071, that strengthens data breach notification laws. The new law now includes the expansion of the definition of personal information and also reduces the breach notification deadline.
The European Parliament voted in favor of a massive database to unify and track biometrics data of EU and non-EU citizens, as part of approved Interoperability Legislation.
A government report revealed that the Federal Emergency Management Agency (FEMA) did not safeguard disaster survivor's personal data on up to 2.3 million people. FEMA shared the sensitive personally identifiable information (SPII) with a third party.
The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 1800-4, that includes security guidelines for mobile device security in cloud and hybrid environments.
French data protection watch dog and data privacy agency, CNIL, has imposed nearly a $57 million fine against Google for violating GDPR privacy rules. This is the first time GDPR-related penalties have been imposed against a large U.S. technology company since GDPR was first made into law last year.
A massive data leak from an ElasticSearch server has exposed information on over 108 million bets, as well as personal information, deposits and withdrawals. The server was not configured with any password or authentication required to protect the data.
Google announced a major security enhancement to its public Domain Name Service (DNS), the most widely used public DNS recursive resolver service used on the internet.
Two notable data loss incidents were reported on Wednesday, to include ElasticSearch data leak and Atrium Health data breach.
The company downgraded the user impact to 30 million users from 50 million users and also shared the details of the attacks that exploited a vulnerability in Facebook’s code that existed between July 2017 and September 2018.
Google has announced the sunsetting of the consumer version of Google+, as well as additional findings and actions from an operational review of its privacy controls dubbed "Project Strobe."