00;00;06;24 - 00;00;39;29
Speaker 1
This is a data privacy detective. It's Labor Day 2022. And dear listeners, this will be the first of what will become monthly reports on what happened the prior month. So we're going to think about some things that happened in August 2020 to that effect. Data, privacy and cybersecurity matters. Let's start with California Company known as Cigar, a settled a California lawsuit for $1.2 million.

00;00;41;01 - 00;01;16;03
Speaker 1
Now, Software is a cosmetics company and it was accused of violating California's Consumer Privacy Act. And this is an example of what happens when you have states with very different codes in California, has advance codes in the consumer privacy area. And a plaintiff filed a suit claiming that online retailers like Sephora were doing something in violation of the California Consumer Privacy Act.

00;01;16;06 - 00;01;43;27
Speaker 1
And what were they doing? Well, they were selling customer information without notifying their customers that they were doing that. Now, companies do this for a variety of reasons, for advertising, for selling to mortgage brokers and so on. And this is the settlement, meaning no court ruling. But you can see how $1.2 million for a cosmetics company is more than chump change to resolve a case.

00;01;43;28 - 00;02;15;08
Speaker 1
And one would think it's a signal that companies. There are many that aren't located in California. Better think twice before selling customer information without notifying the customers. Now, this is one that's quite interesting. The Federal Trade Commission, the FTC, has filed a lawsuit in Idaho claiming that the data broker sold 61 million users mobile location data to third parties.

00;02;15;21 - 00;02;53;12
Speaker 1
Now, KUJAWA is a data broker located in Idaho, and it sweeps up vast amounts of location information from hundreds of millions of mobile devices. And then it packages them into customized data, feeds that match unique mobile device identification numbers with location information. And those data feeds, of course, can be used then to help the clients of each other in advertising, analyzing foot traffic at a grocery store, for example.

00;02;54;12 - 00;03;33;13
Speaker 1
You know, legitimate customer marketing matters, but certainly things that are subject to abuse. Well, what kind of abuse? Well, this data could identify people who recently visited a reproductive health clinic or attended a synagogue or a mosque or Christian church or satanic religious gathering, whatever it may be in the religious area. It can obviously be misused by some people that don't agree with their religion or sect.

00;03;33;13 - 00;04;05;27
Speaker 1
It can tell whether someone's visited a homeless or domestic violence shelter. Well, so much for the privacy generally is women fleeing for men in domestic violence situations a way for the men to find out where the spouse is not a great idea. Adoption or addiction recovery centers. Location data will tell those who have access to it whether someone visited a alcohol or drug related recovery center.

00;04;06;26 - 00;04;46;06
Speaker 1
Obviously, this these are very sensitive matters. And the FTC, by the way, the vote was 4 to 1. There was a dissenter. But the FTC has issued a policy statement and given notice in 2021 that it doesn't believe that it's legally proper for a data broker to share or for that matter, the company that sweeps it up to begin with to share sensitive health data or location data and this kind of thing with third parties.

00;04;47;17 - 00;05;22;09
Speaker 1
We'll see what the courts do with this. And whether the FTC is a regulatory authority is as broad as this case would suggest. Very interesting matter, especially in the wake of the overturning Roe v Wade, which has everyone's attention, no matter what side of the issue you're on about that. About data privacy. Facebook settled in a federal case that accused it of unlawfully sharing user information with third parties.

00;05;22;11 - 00;05;51;12
Speaker 1
Now, you may remember the Cambridge Analytica case with the 2016 election. So, again, this is a settlement, not a court decision, but Facebook choosing to settle rather than contest the issue. But it's not so clear at all that they can simply share user information with third parties as they may wish to do it without better information and notification to users of Facebook core medical materials.

00;05;51;25 - 00;06;24;18
Speaker 1
Now, here's another one. Following a data breach involving over 8 million users, private information, a number of individuals filed a class action suit against the company block the Capital B over the mobile payment companies handling of the situation. What was the claim? Well, the claim was that the but block waited too long that the parent company of Cashapp and square on its block waited too long to inform customers of the incident and then didn't share enough information about it.

00;06;25;21 - 00;06;45;07
Speaker 1
Well, this gets to the need for prompt notification of people if there is a data breach, and hard as it is to know for sure, there's been a data breach for companies and they can't wait too long and then they need to be pretty clear about what happened to give their customers or the victims of a data breach time to react to it.

00;06;45;20 - 00;07;30;13
Speaker 1
Now, the FBI in August warned investors in blockchain and cryptocurrency matters to use caution when engaging with decentralized finance. Sometimes you see the acronym D. S Defi. That's a decentralized finance platform. The FBI had noticed a rise in cyber attackers exploitation of vulnerabilities in smart contracts that exist within the blockchain world. That allowed the stealing of cryptocurrency. Well, obviously, to an investor, if that's a real risk that is on the rise, that could seriously affect the material ality of the trading.

00;07;30;14 - 00;07;59;20
Speaker 1
The amount of value placed by investors on a company, on a defined company. California, which has been an early driver in data privacy rules with its ACT, Consumer Privacy Act and other acts that are already law, is working on a new matter that has to do with age appropriate design codes, but must also site subject to California law.

00;08;00;05 - 00;08;28;14
Speaker 1
Why does it matter what all sites must do when they have under-age users and right there to stop for a minute. How do you know the age of a user? Not not to say, oh, I clicked on over 18. Who knows that that's being done by a 13 year old. And then there's the phrase, quote, dark patterns, close quote in the the draft law that is circulating.

00;08;28;14 - 00;08;54;09
Speaker 1
What's a dress pattern? Dark, battered? What is a dark matter? I think we sort of can feel our way through it, but it's a bit, isn't it, without more specificity, like saying, well, where there's a law forbids pornography. Well, better define it. What does that mean? The law may be subject to such different interpretations that will find it overly broad and troublesome.

00;08;55;09 - 00;09;31;16
Speaker 1
And finally, for an August sweep of the Premier primarily been focused on US matters this month, the C.I. essay get to know what the CSA is. That's a federal agency. If you figured it out. Well, it's the U.S. Cybersecurity and Infrastructure Security Agency. So this is a federal agency dealing with cybersecurity and infrastructure security, things like the electric grid, utilities, water systems, major infrastructure in the United States.

00;09;32;20 - 00;10;07;04
Speaker 1
And what's the latest? Well, it has to do with the rise and the advent of quantum computing. Now, we've covered this in prior posts with some wonderful guests we've had about how quantum computing channels, engines, the current status of using double factor authentication and encryption and other things to try to control the privacy of personal information, the things you can do yourself now, but also that companies do to be privacy centric as best they can.

00;10;07;04 - 00;10;42;11
Speaker 1
Quantum computing is certainly threatening that. And now even the CIA is saying focused on major infrastructure uses is warning about how cyber security of infrastructure really needs to change. And on that, there's a fascinating article by Danny Carver written on August 26, 2022 and Z Net, a very fine web based source of information about cyber security in the age we're living in.

00;10;42;19 - 00;11;06;22
Speaker 1
Well, that's a sweep for August. We'll be back to you on a monthly report in October. Have a wonderful September. And as always, I would remind us on protecting your personal data begins with you.