Privacy newsletter - August 11, 2020

Welcome to the latest edition of the Privacy Insider Newsletter. Each week, we send you the latest and smartest news in the world of data privacy.

Here are the top stories from last week you might have missed:

1. Research from IBM found that the data breaches cost an average of $3.9 million. When more than 50 million records are breached, the average cost increases 100-fold to $392 million on average. The report found that malicious attacks caused 52% of breaches, and companies take an average of 280 days to contain a breach. Link
2. Arlo Gilbert, Osano's Co-Founder and CEO, published an op-ed with the International Association of Privacy Professionals on the relationship between privacy practices and data breaches. "In our new report, we outline what we have found is a direct and hard-to-ignore link between an organization's privacy posture and the likelihood of a publicly reported breach in the last 15 years." Link
3. Capital One has been fined $80 million for the 2019 hack of 100 million credit card applications. The hack was announced long ago, but U.S. regulators have taken longer to impose a punishment. Given the correlations between breaches and poor privacy practices, it's noteworthy that Capital One's privacy practices were quite poor at the time of the hack, but have since improved significantly. Capital One highlights their improved practices following the breach in response to the fine. Link
4. Two U.S. senators introduced a federal biometric privacy act. The bill would regulate companies collecting biometric privacy information, preventing them from doing it without consent. Currently, only a handful of states have biometric privacy protections in place. Link
5. More than 20 gigabytes of Intel's source code and proprietary data was dumped online. Researchers believe that Intel knowingly provided information to third parties under an NDA. Third-party breaches are an increasingly common form of a data breach, and some estimate they're responsible for two of every three incidents. Link
6. A class-action lawsuit was filed against Google, claiming that the search engine's privacy controls are fake. According to the suit, Google spies on users and sells private information even after consent was revoked or never granted in the first place. That's another ding for a company that already has a poor reputation for privacy. Link
7. Therapy startup Talkspace is under scrutiny for their privacy practices following an expose by the New York Times. Conversations between users and therapists were routinely reviewed and mined for insights. For instance, data scientists would share common phrases from clients' transcripts with the marketing team so that it could better target new customers. Link