Tuesday, December 23, 2014

FTC Warns Children's Apps Maker About Potential COPPA Violations

The FTC recently sent a letter to a Chinese-based children's app maker alleging that it may be in violation of the Children's Online Privacy Protection Act (COPPA). According to the allegations, "it appears the child-directed applications marketed by the company, BabyBus, appear to collect precise geolocation information about users" without parental consent.

COPPA requires companies collecting personal information from children under 13 to post clear privacy policies and to notify parents and get their consent before collecting or sharing any information from children.  While this app is not the only one that has allegedly violated COPPA and/or collected more information than needed to operate, it demonstrates a very troubling trend in apps:  privacy by design continues to be an afterthought.

While I believe the FTC's letter is a positive development, it demonstrates the need for constant vigilance to protect our children's privacy. In general, it is none of the app's business where my children live, go to school, play, etc.

Copyright 2014 by Shear Law, LLC.  All rights reserved.

A Sony Hack Lesson: Digital Privacy and Cyber Security Go Hand in Hand

The Sony hack has taught us many lessons about digital privacy and cyber security.  One of the biggest lessons is to be careful about what you put in an email.  Another is to ensure that proper email retention policies are in place.  A third lesson is that employees need to be better trained about these issues.  As privacy law expert Prof. Dan Solove recently stated, there are real harms when one's privacy is breached.

According to multiple published reports, the FBI has named North Korea as the prime suspect in the hacking attack. If North Korea directed or encouraged those responsible for the hack because it wasn't happy with the theme of the movie The Interview, it opens up a new front on what companies will have to prepare for when a business decision may not be popular with a foreign government or a well-funded adversary.

If a nation state such as North Korea or a well-funded organization is determined to hack into a corporate computer system, it will do so. Companies can take steps to reduce the risk by creating new digital policies, training their employees, installing new cyber security systems, taking certain systems offline, etc.

The Sony hack has exposed most if not all of its secrets for all to see. From the troubling gender pay gap to the leak of social security numbers, personal health care records, corporate budgets, etc., the hack has greatly damaged Sony's reputation. While Sony may eventually be able to recover from this very troubling matter, it wouldn't surprise me if multiple executives leave the company in the near future due to what is contained in their emails.

The bottom line is that the most state-of-the-art cyber security system may not protect against human error or stupidity. Therefore, it is imperative to constantly train and educate employees about digital privacy and cyber security matters. Privacy is something we take for granted until it has been lost. With the right education and mindset, privacy and cyber security don't have to be a luxury.
