Washington is Very Busy Before Jan 20th
It is interesting how “productive” the folks in DC can be when they want to.
But I ask what have you been doing for the last four years.
Getting my whining out of the way, there is a lot of stuff happening in this last week of the outgoing administration.
The Federal Trade Commission handed GM a five ban on selling sensitive drive information to data brokers. After that, I guess, they are free to get back to selling it. More important, GM is prohibited from misleading (also known as lying to) consumers about how it collects, uses and shares their data and to begin obtaining explicit affirmative consent before collecting the data. They were collecting your precise location data every three seconds and selling it. Credit: The Record
The data sold includes longitude, latitude, (to within 4.5 inches), elevation, heading, speed, date, time, trip identifier to link multiple events together. The location could be linked to the car’s VIN. At one point they were even selling what radio station you were listening to.
The Federal Trade Commission updates children’s Online Privacy regs (COPPA). COPPA will now require opt-in consent from parents who will have to specifically authorize targeted advertising. It also sets time limits for saving kid’s data. The incoming FTC chair voted FOR this rule, but then covered his butt by issuing a statement that said he disagreed with elements of the rule he just voted for like data retention limits and parental approval, so who know what will happen. It takes effect in 60 days. Credit: The Record
And finally, the FTC sued GoDaddy for lying about their security practices. GoDaddy will be required to actually implement security practices in response to breaches and misleading consumers at least since 2018. Many GoDaddy customers are small businesses with very limited cybersecurity knowledge, which made it easy for GoDaddy to spout lies unchallenged. According to the FTC’s complaint, GoDaddy’s unreasonable security practices included failing to use multi-factor authentication (MFA), manage software updates, log security-related events, segment its network, monitor for security threats (including by failing to use software that could actively detect threats from its many logs), and use file integrity monitoring. Other than that, GoDaddy is perfect. Credit: Bleeping Computer
If you need any assistance after reading this, please contact us.
by 