California Enacts “Delete Act” For Data Privacy
Governor Newsom signed the first US bill requiring data brokers to delete personal data upon request
Privacy concerns how laws and norms govern personal data, shaping cybersecurity duties for collection, storage, access, and disclosure.
Search across headline titles and summaries.
Background for this topic.
Privacy is the ability of people to control how information about them is collected, used, retained, and disclosed. In technical and legal contexts, it covers identifiable data and data that can support inferences about a person, not only information made public. Privacy rules and organizational policies commonly address purpose, transparency, access, correction, retention, and sharing.
For security practitioners, privacy depends on reducing unnecessary data and restricting legitimate access: data minimization, encryption, least-privilege controls, segregation of identifiers, retention limits, and audit logs all reduce exposure. Compromised credentials, misconfigured storage, excessive telemetry, or third-party access can reveal sensitive information; pseudonymized datasets may also be re-identified when combined with other data. During an incident, teams must establish what personal data was accessed or disclosed, contain further exposure, preserve evidence, and meet applicable notification and handling requirements.
Governor Newsom signed the first US bill requiring data brokers to delete personal data upon request
Evasive malware disguised as a caching plugin allows attackers to create an admin account on a WordPress site, then take over and monetize sites at the expense of legitimate SEO and user privacy.
Microsoft Copilot introduces potential privacy risks as it can have full access to your organization's documents, email, contacts, chats, and calendar. Learn more from Varonis about Microsoft Copilot's security model works and the privacy risks associated with using it. [...]
Britain's privacy watchdog still not happy that agreement 'appropriately' protects sensitive data Opinion The UK Extension to the EU-US Data Privacy Framework (aka Data Bridge) will enter into force on October 12, allowing certifying entities to easily transfer personal data from the UK to the US.…