California Attorney General Xavier Becerra endorsed a bill last week that expands the state's new privacy act to permit consumers to sue companies over their handling of personal data. The privacy law that was passed in 2018 gave consumers the right to sue only in the case of a data breach. The new bill allows them to sue over any violations. Becerra acted against the wishes of tech lobbyists, according to Reuters. Jason Stearns, ARMA’s president-elect, says the expansion of “the most significant change in the U.S. privacy landscape” heightens the need for a strong IG program within organizations. “This…
Read Article

In January, the Illinois Supreme Court ruled an individual does not have to plead an actual injury or harm, apart from the statutory violation itself, in order to sue under the Illinois Biometric Information Privacy Act (BIPA), as reported by Jeffrey Neuburger of Proskauer. The long-awaited decision stems from Rosenbach v. Six Flags Entertainment Corp. According to Neuberger’s account, because the BIPA statute does not define “aggrieved,” many legal arguments and amicus briefs have tried to influence the Court as to its meaning. John J. Isaza, Esq, of Rimon P.C., tells ARMA International the issue is not necessarily settled: “Despite…
Read Article

Dropbox has announced its acquisition of HelloSign, an organization that provides document workflow and e-signature services. Whitney Bouck, COO of HelloSign, told ARMA International that the company is “thrilled to be joining the Dropbox family.” She said, “With so many similarities between our products, business models, and cultures, it’s a natural fit. This move will accelerate our mission to give customers a better way to get work done.” Quentin Clark, Dropbox’s senior vice president of engineering, told TechCrunch that the workflow capabilities were integral to the acquisition: “What is unique about HelloSign is that the investment they’ve made in APIs…
Read Article

The New York Times was among the many sources recently reporting that the French data protection authority fined Google about $57 million for “not properly disclosing to users how data is collected across its services – including its search engine, Google Maps and You Tube – to present personalized advertisements.” It’s the largest penalty given for violating the General Data Protection Regulation (GDPR). According to the Times, it “shows that regulators are following through on a pledge to use the rules to push back against internet companies whose businesses depend on collecting data.” The ruling hits at Google’s basic practice…
Read Article

Published on Oct. 22, the Information Governance Body of Knowledge (IGBOK) provides information governance (IG) stakeholders – information management, information technology, legal, risk/compliance, privacy, security, and business unit heads – the clear, concise, and practical guidance they need to govern their organization’s information assets effectively. Filled with strategic advice, policy guidance, “how to” processes, and valuable templates, IGBOK was developed by a group of subject matter experts representing the IG stakeholder groups; collectively, this group has more than 500 years of experience and expertise. Those who purchase this edition of IGBOK will receive the second edition free of charge. Learn…
Read Article

The following award winners for the last fiscal year (July 1, 2017, to June 30, 2018) were announced at ARMA International’s 63rd Annual Conference & Expo in Anaheim, California, in mid-October. Company of Fellows ARMA International’s highest recognition is to be named to its Company of Fellows. This award honors ARMA members who have distinguished themselves through outstanding achievements and contributions in information management, as well as through noteworthy accomplishments in all levels of the association. This year’s two inductees bring the total number of Fellows of ARMA International (FAIs) to 60. Anita P. Castora, IGP, CRM, CBCP, FAI #59…
Read Article

Cyberscoop.com reports that at the recent United Nations (U.N.) session, White House officials gauged interest in restarting talks on global cybersecurity norms. Such negotiations crumbled in 2017 because of acrimony among certain countries, reportedly due to disagreements between Washington and Moscow and others over the right to self-defense in cyberspace. In a recent meeting with agents from some 20 U.N. countries, U.S. Deputy Secretary of State John J. Sullivan encouraged renewing the conversation at the U.N. Group of Governmental Experts (GGE), according to a U.S. State Department statement. “[N]onbinding norms of responsible behavior during peacetime provides important guidance to states,…
Read Article

Recently the United States, Mexico, and Canada proposed a new trade pact to replace the North American Free Trade Agreement (NAFTA). According to the HuntonPrivacyBlog, the new pact recognizes “the economic and social benefits of protecting the personal information of users of digital trade” and will require the three nations to “adopt or maintain a legal framework that provides for the protection of the personal information of the users[.]” This framework, according to the Hunton blog, should include such principles as limitations on collection, choice, data quality, purpose specification, use limitation, security safeguards, transparency, individual participation, and accountability. The agreement…
Read Article

As reported by ZDNet.com, a class-action lawsuit has been filed in Illinois that claims Wendy’s restaurant chain has broken state laws by improperly storing and managing employee fingerprints. The complaint centers on Wendy’s practice of using biometric clocks that scan fingerprints when employees arrive at work, when they leave, and when they use the point-of-sale and cash register systems. The suit contends that Wendy’s breaks the Illinois Biometric Information Privacy Act (BIPA) because the company doesn’t inform its employees how it uses their data and fails to obtain a written release with their explicit consent to obtain and handle the…
Read Article

In a recent piece on Information-Management.com, Matthew Nelson, an attorney with DiscoverReady LLC, says the 2018 California Consumer Privacy Act (CCPA) is constantly evolving, evidenced by the September passing of Senate Bill 1121, which serves rather like an amendment to the CCPA. Nelson says because of SB-1121, consumers bringing a private right of action no longer must notify the attorney general. Further, organizations no longer must disclose on their website or in their online privacy policy that a consumer has the right to delete personal information. Importantly, SB-1121 also made the CCPA effective immediately, but it extended the compliance deadline,…
Read Article

A Verizon report suggests that nearly 60% of data security incidents at healthcare organizations are caused by insiders, according to an article on Law.com. The “Protected Health Information Data Breach Report” implies that healthcare is the only industry in which internal players are the greatest threat to an organization’s data security. The study reviewed 1,368 security incidents involving patient medical records in 27 countries. It included confirmed breaches and security incidents in which data was at risk but not confirmed as having been compromised. Reporter Kristen Rasmussen says employers may take comfort in knowing that not all the internal breaches…
Read Article

ZDNet.com reports that near the Arctic Circle, experts at the National Library of Norway’s (NLN) secure storage facility are implementing an astonishing plan for digitizing everything ever published in Norway: books, newspapers, manuscripts, posters, photos, movies, broadcasts, and maps, as well as all websites on the Norwegian domain. The work was begun 12 years ago and will likely take 30 years to complete. According to the article, the library has more than 540,000 books and 2 million newspapers in its archive. Because the materials have been mass-scanned and OCR-processed, their content is free-text searchable.NLN’s mandates are for long-term safe storage…
Read Article

Eweek.com reports that the government of Canada is taking an active, aggressive strategy to defends its networks from cyber attacks. In October, Scott Jones, head of the Canadian Centre for Cyber Security at the Canadian Security Establishment (CSE), summarized the steps being taken and how individuals and organizations can benefit from the same approach. “Every day, the CSE blocks hundreds of millions of malicious activities directed at the government of Canada... We decided to break the cycle and make it harder for people to discover our vulnerabilities,” he said in a keynote. Jones says the CSE is making it more…
Read Article

As widely reported, the mid-September Facebook data breach may have affected nearly 50 million accounts. Bloomberg.com refers to it as “the latest in a series of missteps that are undermining confidence in the company’s social network and business model.” In a statement, Facebook said it has fixed the breach, which had let hackers take over accounts. The accounts of Chief Executive Officer Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg were among those targeted by the hack, according to Bloomberg. Because of user data leaks, security breaches, and the spread of misinformation, Facebook has had to confront hostile congressional hearings…
Read Article

A recent Gartner Inc. report predicts the current enterprise content management (ECM) market will “devolve into purpose-built, cloud-based content solutions and solution services applications.” According to an article on idm.net.au, the Gartner study finds that organizations are increasingly adopting cloud solutions rather than on-premises ECMs. Software as a service (SaaS) remains the biggest segment of the cloud market, with global revenue predicted to grow 17.8% to reach $85.1 billion in 2019. “The increasing adoption of SaaS applications and other cloud services impacts the management, dissemination and exploitation of enterprise content,” said Craig Roth, research vice president at Gartner. While SaaS…
Read Article

California Gov. Jerry Brown has signed two bills that are designed to make manufacturers of Internet-connected devices more responsible for ensuring the privacy and security of Californians, as reported on GovTech.com. The bills require manufacturers to equip connected devices with a “reasonable security feature or features” that are appropriate to their nature, function, and the information they may collect, contain, or transmit. The security features must be designed to protect the device and its information from “unauthorized access, destruction, use, modification or disclosure.” The laws define a connected device as one with an Internet protocol (IP) or Bluetooth address that…
Read Article

Law.com reports on a web seminar hosted by The Sedona Conference® international electronic information management, discovery and disclosure working group, which looked at how e-discovery professionals and courts are subject to the EU General Data Protection Regulation (GDPR). Importantly, the panel suggested that the wide scope of what the GDPR considers to be personally identifiable information makes it probable that any EU data collection conducted by U.S. attorneys would have to comply to GDPR standards. In the data-gathering phase at pretrial, bulk collection would not be advisable because counsel must comply with GDPR protocol even when merely transferring data to…
Read Article

TechRepublic.com cites a recent report from a security company that suggests cyber attacks continue to increase in occurrence. The report, from Positive Technologies, says that the second quarter of 2018 saw a 47% increase in cyber attacks when compared to the same period in 2017. Targeted attacks outnumbered mass campaigns, which indicates a growing sophistication among the cybercrooks. Increasingly, data theft is driving the attacks, with many criminals seeking personal data (30%), credentials (22%), and payment card information (15%). Hackers are compromising online platforms, e-commerce sites, online ticketing systems, and hotel booking sites, according to the report. “Cyber-attacks in Q2…
Read Article

In a Washington Post op-ed piece, Neema Singh Guliani, senior legislative counsel at the American Civil Liberties Union (ACLU), warns that the growing push for federal privacy legislation is bad news for consumers. Guliani cites several examples of how states are leading the efforts to protect consumer privacy, including California’s recent consumer privacy act and the Illinois law that sets limits on the commercial collection and storage of biometric data. According to Guliani, the U.S. Chamber of Commerce and lobbying organizations that represent Amazon, Airbnb, Google, Microsoft, and many other digital behemoths are urging Congress to adopt a federal privacy…
Read Article