Two more companies will conduct drone operations beyond visual line of sight (BVLOS). Recently, the Federal Aviation Administration (FAA) approved UPS Flight Forward and uAvionix for this type of operation in national airspace. UPS Flight Forward plans to conduct BVLOS drone operations for small-package delivery using a ground-based surveillance system. UPS Flight Forward will conduct
Latest from Data Privacy + Security Insider - Page 2
State Legislatures Eye AI Regulation
A growing number of states have enacted laws this year to study artificial intelligence (AI), ahead of possible legislative action to address expected threats to jobs, civil liberties, and property rights with the emerging technology. The specific goals of these committees have varied. For instance, Minnesota is studying how intelligence sharing with AI might enable
AI and Audits: Proposed CCPA Regulations Up for Discussion
On September 8, 2023, the California Privacy Protection Agency (CPPA) will discuss the two new sets of proposed California Privacy Protection Act (CCPA) regulations. Here is a breakdown of the two new proposed regulations and issues up for discussion:
Auditing Requirements: If a business processes data that poses a “significant risk to consumers’ security” then
CISA Alert: VMware Releases Security Update—Patch VMware Tools Now
VMware provides multi-cloud services, products, and solutions for its customers, including VMware Tools. On September 1, 2023, VMware released a security update for a vulnerability in VMware Tools. According to the Cybersecurity Infrastructure Security Agency (CISA), “A cyber threat actor can exploit this vulnerability to obtain sensitive information.”
In the alert, CISA “encourages users
Joint Commission Issues Alert on Patient Safety After a Cyber-Attack
On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,” which provides “tips on what organizations can do to prepare to deliver safe patient care in the event of a cyberattack.”
The Alert outlines the growth of cyber-attacks and information system breaches in the
Privacy Tip #371 – Internet Safety Guide for Seniors
I was talking to a client today about a security incident and the discussion turned to how threat actors are using increasingly more sophisticated ways to attack individuals and companies. She lamented that we know more than the average individual about how they implement attacks, but she worries about her mother, who is frequently online.
Congress Considers Kids Online Safety Act Amid Concerns from Activists
The Kids Online Safety Act (KOSA) of 2023 is circulating Congress with bipartisan support. According to bill sponsors Senator Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN), KOSA would require social media companies to develop enhanced parental controls for online platforms.
Additionally, and much more controversially, KOSA creates a duty for online platforms to prevent and
Advocate Aurora Health to Pay $12.25 Million Settlement for Data Breach Class Action
In October 2022, Advocate Aurora Health notified three million individuals of a data breach resulting from its use of tracking pixels on its website for tracking website visitor activity. Now, this month, Advocate Aurora Health settled a class action stemming from that data breach for $12.25 million.
In its breach notification to patients, Advocate Aurora
Seven States Have Upcoming Privacy Laws
State privacy laws are changing rapidly in the U.S. Here are summaries of seven new state laws that have been enacted and go into effect in the next few years. We anticipate that more state legislatures will continue to enact privacy laws to protect consumers due to the absence of a federal privacy law.
Under
CISA Issues Four More Industrial Control Systems Advisories
On August 22, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued four more advisories related to industrial control systems. The advisories are applicable to four different industrial control products, explain the risk of the vulnerability (e.g., “successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted