Cybersecurity – Cyber Law Watch

FTC Bans Rite Aid from Using AI Facial Recognition Without Reasonable Safeguards

Jan 02 2024

By Whitney E. McCollum and Eric F. Vicente Flores

The Federal Trade Commission (FTC) issued a first-of-its-kind proposed order prohibiting Rite Aid Corporation from using facial recognition technology for surveillance purposes for five years.

The FTC alleged that Rite Aid’s facial recognition technology generated thousands of false-positive matches that incorrectly indicated a consumer matched the identity of an individual who was suspected or accused of wrongdoing. The FTC alleged that false-positive matches were more likely to occur in Rite Aid stores located in “plurality-Black” “plurality-Asian” and “plurality-Latino” areas. Additionally, Rite Aid allegedly failed to take reasonable measures to prevent harm to consumers when deploying its facial recognition technology. Reasonable measures include: inquiring about the accuracy of its technology before using it; preventing the use of low-quality images; training or overseeing employees tasked with operating the facial recognition technology; and implementing procedures for tracking the rate of false positive matches.

California Privacy Protection Agency Proposes Draft Rules for Automated Decision Making, Including Artificial Intelligence

Dec 07 2023

By Eric Vicente Flores and Michael Stortz

Executive Summary: The California Privacy Protection Agency has proposed a new set of draft regulations that aim to regulate the use of artificial intelligence and automated decision making technology. These regulations will be discussed alongside other draft regulations the agency has previously proposed regarding risk assessments and cybersecurity assessments. The three sets of draft regulations will be discussed at the agency’s meeting on 8 December.

California Proposes Cybersecurity Requirements for Businesses

Oct 11 2023

By: Eric Vicente Flores, Avril Love, and Whitney McCollum

In recognition of Cybersecurity Awareness Month in the US, we will be bringing awareness to relevant 2023 cybersecurity updates each week.

On 28 August, the California Privacy Protection Agency (CPPA) published draft regulations regarding risk assessments and cybersecurity audits for consideration at the Board’s September meeting. The draft regulations precede the formal rulemaking process, but provide insight into CPPA’s current priorities.

May 04 2023

By Cameron Abbott, Rob Pulham and Stephanie Mayhew

Given the current privacy reform and cyber threat environment, the question we get asked a lot is – what are the privacy risks that should be assessed in our organisation and how do we prioritise these? Unfortunately this isn’t always a ‘one size fits all’ answer but there are some basic matters you can check as to whether your organisation is considering privacy risks proactively.

May 03 2023

By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Dadar Ahmadi-Pirshahid

The APPs require organisations to “take reasonable steps to implement practices, procedures and systems that ensure compliance with the APPs”. Putting your mind to privacy after a data breach or complaint is very much shutting the stable door after Phar Lap has bolted (good luck getting him back!)

Good privacy management starts with a good privacy culture in your organisation. Recommended steps to develop this include:

May 02 2023

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

With the cyber threat landscape significantly evolving, we are seeing companies – large and small – experience attacks. Recent high-profile attacks have shown that these breaches are alarming, targeting a range of sectors. With millions of Australians more concerned about their privacy than ever before, the federal government is making privacy a priority with the Attorney-General’s Department recently releasing 116 recommendations to amend the Privacy Act. The federal government has also made proposals to consider a new Cyber Security Act and strengthen existing laws around this space.

May 01 2023

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

The theme of this year’s Privacy Awareness Week (PAW) is “back to basics”. It’s fitting to consider some lessons arising from recent high-profile breaches affecting millions of Australians, and the consistent messages we’ve been hearing from the Australian Information Commissioner in the midst of those incidents.

Data breaches can happen to anyone. We know cyberattacks can be big business, and sophisticated criminal networks make a good living from these. And if your organisation has taken reasonable steps to avoid or mitigate such breaches, the fact you’ve encountered one will not, of itself, be held against you.

Apr 27 2023

By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Dadar Ahmadi-Pirshahid

We saw last year how low hackers are willing to stoop to shame companies into paying ransoms, including leaking sensitive information aimed at embarrassing individuals affected by data breaches. As a result we also saw prominent calls for ransom payments to be ‘banned’, to reduce the financial incentives for hackers to target Australians’ personal information.

We are now hearing the flipside to that argument, with AGL Energy warning that a government-imposed ban on companies paying cyber ransoms to hackers could cause “catastrophic damage”.

Tag:Cybersecurity

FTC Bans Rite Aid from Using AI Facial Recognition Without Reasonable Safeguards

California Privacy Protection Agency Proposes Draft Rules for Automated Decision Making, Including Artificial Intelligence

California Proposes Cybersecurity Requirements for Businesses

Privacy Awareness Week Part IV – Privacy Priorities

Privacy Awareness Week Part III- The importance of being privacy prepared

Privacy Awareness Week Part II- Get in the know and get privacy right

Privacy Awareness Week Part I- The state of play

Proposed cyber ransom bans predicted to cause “catastrophic damage”