Privacy newsletter - August 25, 2020

Welcome to the latest edition of the Privacy Insider Newsletter. Each week, we send you the latest and smartest news in the world of data privacy.

Here are the top stories from last week you might have missed:

1. Dozens of companies are facing attacks similar to the one that hit Twitter last month. Twitter publicized the methods hackers used to access their internal company tools to promote a bitcoin scam in mid-July. Known as "phone spear phishing," hackers call up staffers using false identities and convince employees to give up sensitive information. The attention around that attack has led to many copycats. Link
2. U.S law enforcement agencies are getting savvier about employing evidence from smart speakers and other connected devices as part of criminal investigations. Speaker, smart home, and wearable data has become an increasingly common part of investigations over the past five years. Police use smart speaker activity logs to verify a suspects' alibis at the time of a crime and are stitching data from multiple internet-enabled devices to triangulate location. Link
3. The Content Marketing Institute spoke to Osano's CEO, Arlo Gilbert, about using consent management to build trust. Lessons you learned in kindergarten can be a useful guide when thinking about how to handle data privacy at your organization: Always ask permission before taking something that belongs to someone else, tell a user where you got something if they ask, and return the item if someone asks for it back. Privacy doesn't have to be complicated! Link
4. As many students get ready to return to school virtually, numerous questions about data privacy and learning are still unresolved. It isn't clear if teachers can mandate keeping cameras on or if a video can be securely captured and stored. The rules meant to protect students from improper surveillance weren't written with a global pandemic in mind. Link
5. Facebook won preliminary approval for the settlement of a lawsuit that claimed it illegally collected and stored biometric data of millions of users without their consent. The updated settlement value is $650 million, $100 million more than was previously offered by the social media company. Facebook allegedly violated Illinois' Biometric Information Privacy Act, which has been a continual issue for companies developing facial recognition software. Link
6. Criminal charges were filed against Uber's former head of security. Joe Sullivan was charged with two felonies: for withholding information about a 2016 data breach involving 57 million records and negotiating a $100,000 "hush money" payment. Sullivan even convinced the hackers to sign nondisclosure agreements. Link