The rise of data breaches, along with an expanding raft of regulations (now numbering 80 different regional regimes, and growing) has thrust data protection — having legal and compliant ways of handling personal user information — to the top of the list of things that an organization needs to consider when building and operating their businesses. Now a startup called InCountry, which is building both the infrastructure for these companies to securely store that personal data in each jurisdiction, as well as a comprehensive policy framework for them to follow, has raised a Series A of $15 million. The funding is coming in just three months after closing its seed round — underscoring both the attention this area is getting and the opportunity ahead. The funding is being led by three investors: Arbor Ventures of Singapore, Global Founders Capital of Berlin, and Mubadala of Abu Dhabi. Previous investors Caffeinated Capital, Felicis Ventures, Charles River Ventures, and Team Builder Ventures (along with others that are not being named) also participated. Peter Yared, the CEO and founder, pointed out in an interview the geographic diversity of the three lead backers: he described this as a strategic investment, which has resulted from InCountry already expanding its work in each region.
One German state has told schools it's now illegal to use Microsoft Office 365 under data protection laws. The Hesse Office for Data Protection and Information Freedom ruled that using the cloud platform could expose student and teacher personal information to access by US officials. The decision follows several years of debate in Germany over whether Microsoft software should be used in schools, CNET sister site ZDNet reported, due to the company's practice of sending user and telemetry data back to the US. It also comes after Microsoft closed down a German cloud service, which had originally caused Hesse to allow Office 365 to be used in local schools. Investigators in the Netherlands last year found that the data being transmitted by Microsoft Office 365 could include sentences from documents and email subject lines, in addition to the usual software diagnostics. This is a breach of the European Union's General Data Protection Regulation, the Netherlands said.
OneTrust, a data privacy and compliance startup, announced on Thursday that it raised $200 million in Series A funding from Insight Venture Partners. Richard Wells, the Managing Director at Insight Venture Partners who led the deal, told Business Insider he had confidence in the valuation after seeing first-hand the leadership team in action at their previous venture, AirWatch. Kabir Barday, founder and CEO of OneTrust, told Business Insider that the valuation comes partly from opportunities among organizations that were slow to catch on to new data privacy regulations like Europe's GDPR and California's CCPA. Perhaps not coincidentally, the OneTrust executive team is largely comprised of early AirWatch employees — OneTrust co-chairman Alan Dabbiere was also a founder at AirWatch, while CEO Kabir Barday was a product manager. Another thing the two companies have in common: They were both bootstrapped, meaning the founders used their own money to finance the company until it got off the ground.
GDPR, and the newer California Consumer Privacy Act, have given a legal bite to ongoing developments in online privacy and data protection: it’s always good practice for companies with an online presence to take measures to safeguard people’s data, but now failing to do so can land them in some serious hot water. Now — to underscore the urgency and demand in the market — one of the bigger companies helping organizations navigate those rules is announcing a huge round of funding. OneTrust, which builds tools to help companies navigate data protection and privacy policies both internally and with its customers, has raised $200 million in a Series A round of funding led by Insight that values the company at $1.3 billion. Its Privacy Management Software helps an organization manage how they collect data as well as generate compliance reports in line with how a site is working relative to different jurisdictions. The third is a larger database and risk management platform that assesses how various third-party services (for example advertising providers) work on a site and where they might pose data protection risks. These are all provided either as a cloud-based software as a service, or an on-premises solution, depending on the customer in question.
With the California Consumer Privacy Act (CCPA) taking effect next January, and a shifting regulatory landscape around data sovereignty and localization globally, opportunities for third parties that help with compliance are on the rise. One of those companies is OneTrust, a data privacy management compliance platform that was set up to help businesses adhere to the growing array of regulations, including GDPR and CCPA. Today, OneTrust announced its first round of funding since it was founded in 2016 — a gargantuan $200 million series A from Insight Partners that values the startup at a hefty $1.3 billion. The OneTrust privacy management platform offers a range of tools and services, including a template-based self-assessment tool that enables companies to see where they’re at in terms of compliance with GDPR, Privacy Shield, and more. A questionnaire template enables companies to collate information about how personal data is being collected — including the purpose, processes, and how it’s stored and transferred. Elsewhere, OneTrust’s platform offers various tools for marketers, including cookie compliance, mobile app compliance, and consent management, and it also provides third-party risk-management and breach response tools.
The Information Commissioner’s Office (ICO) has warned that any organisation using facial recognition technology, and who then scan large databases of people to check for a match, is processing personal data. And the Information Commissioner had a stark warning to the police who are using the tech to identify individuals, saying “the potential threat to privacy that should concern us all.” Her warning came after a study last week found that 81 percent of ‘suspects’ flagged by the Met police’s facial recognition technology are innocent, and that the overwhelming majority of people identified are not on police wanted lists. The Information Commissioner Elizabeth Denham in a blog post pointed to the use of live facial recognition (LFR) technology by South Wales Police, who in 2017 used facial recognition software at the Champions League Final in Cardiff to scan the face of every fan attending the game. The use of facial recognition systems by South Wales police in shopping centres is also currently under judicial review, and Denham has previously criticised “a lack of transparency about its use”. “But these trials also represent the widespread processing of biometric data of thousands of people as they go about their daily lives.
“It was crucial for me, as the regulator, to intervene to advise the court about the data protection issues in play.” The Information Commissioner Elizabeth Denham fired a warning shot across the bow of the UK’s police forces today, saying that use of live facial recognition (LFR) technology constitutes the processing of personal data and that police must conduct a data protection impact assessment for each new deployment. It is the second stern comment from the Commissioner that suggests significant disquiet about the potential for unchecked roll-out of facial recognition technology in public spaces. In a May 2018 post she said: “Should my concerns not be addressed I will consider what legal action is needed to ensure the right protections are in place.” Highlighting the Metropolitan Police’s and South Wales Police’s recent use of LFR technology today, the Commissioner clearly outlined that any organisation using software that can recognise individuals in crowds is processing personal data. She wrote that police forces must:
The U.K. data protection authority said it will serve hotel giant Marriott with a £99 million ($123M) fine for a data breach that exposed up to 383 million guests. Marriott revealed last year that its acquired Starwood properties had its central reservation database hacked, including five million unencrypted passport numbers and eight million credit card records. The breach dated back to 2014 but was not discovered until November 2018. Marriott later pulled the hacked reservation system from its operations. The U.K.’s Information Commissioner’s Office (ICO) said its investigation found that Marriott “failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.” The breach affected about 30 million residents of the European Union, according to the ICO, which confirmed the proposed fine in a statement Tuesday.
TikTok Investigated Over Children’s Data Privacy – Pandaily
What happened: Regulators in the UK are investigating how short video app TikTok handles the personal data collected from young users and whether it prioritizes children’s safety on the platform, Pandaily reported. The investigation started in February, following the $5.7 million fine that the US Federal Trade Commission (FTC) imposed on the app for collecting personal information from users under 13. According to the report, while TikTok’s main user base is comprised of 16- to 24-year-olds, evidence indicates that many of them are under 13 and shouldn’t be allowed on the app, according to its rules. Why it’s important: Since the FTC fine, TikTok has revised its user agreement, limiting those under 13 to an ecosystem where they can only watch age-specific videos and removing almost all other in-app functionalities. The restrictions, however, can be easily circumvented by entering fake birth dates.
Italy’s data protection watchdog has issued Facebook with a €1 million (~$1.1M) fine for violations of local privacy law attached to the Cambridge Analytica data misuse scandal. Last year it emerged that up to 87 million Facebook users had had their data siphoned out of the social media giant’s platform by an app developer working for the controversial (and now defunct) political data company, Cambridge Analytica. The offences in question occurred prior to Europe’s tough new data protection framework, GDPR, coming into force — hence the relatively small size of the fine in this case, which has been calculated under Italy’s prior data protection regime. (Whereas fines under GDPR can scale as high as 4% of a company’s annual global turnover.) Reached for comment a Facebook spokesperson said: “We have said before that we wish we had done more to investigate claims about Cambridge Analytica in 2015. Dr Kogan only shared data with Cambridge Analytica in relation to US users.
Information security is a massive concern for anyone who has data stored online or in an online-accessible device. Surely there are whole teams of government agents in dark rooms coming up with laws and regulations to protect hapless consumers from the perils of big data and the black hat hackers that seek to profit from it, right? I do this whole "knowing about cars" thing for a living, and I was shocked at how little I actually knew about data privacy. Thankfully, the folks from CarGurus have decided this is all scary enough to warrant further research. Their new study is a significant step toward protecting information where your vehicle is concerned. I did and holy hell, it was a sobering thing.
The UAE is looking at implementing a data protection law, similar to the EU’s introduction of General Data Protection Regulation (GDPR) in 2008, as part of the UAE National Cybersecurity Strategy. TRA has launched the 2020-2025 strategy as the country is entering the fifth-generation era in a bid to enable swift and coordinated response to cyber incidents in the UAE. “We want to make sure that whatever regulations are put, are easy to be implemented across different sectors,” Mohammad Al Zarooni, Director of Policies and Programs Department at Telecommunications Regulatory Authority (TRA) of the UAE, told TechRadar Middle East, at an event. Bahrain has launched its Personal Data Protection Law and more countries in the region are expected to follow. GDPR has a ceiling of 4% of global annual revenues or up to 20,000 euros if a breach is not reported within 72 hours. Moreover, he said that there are some talks about a unified GCC law but “I believe that most of the regulations worldwide will be more or less the same, some will be more stringent and some will be relaxed.
In what sounds like a knock-out blow for highly invasive data-driven ads, the Information Commissioner’s Office (ICO) concludes that systematic profiling of web users via invasive tracking technologies such as cookies is in breach of U.K. and pan-EU privacy laws. “The adtech industry appears immature in its understanding of data protection requirements,” it writes. “Whilst the automated delivery of ad impressions is here to stay, we have general, systemic concerns around the level of compliance of RTB.” As we’ve previously reported, multiple complaints have been filed with European regulators arguing that RTB is in breach of the pan-EU General Data Protection Regulation (GDPR), including the ICO. The U.K. watchdog has not yet issued a formal legal decision against RTB. Its full list of conclusions is well worth reading — so we’ve pasted it below, along with our own “plainer English” paraphrasing of what’s actually being said (formatted in italics):
As businesses continue to move more of their computing and data to the cloud, one of the startups that has made a name for itself as a provider of cloud-based solutions to protect and manage those IT assets has raised a big round of funding to build its business. Druva, which provides software-as-a-service-based data protection, backup and management solutions, has raised $130 million in a round of funding that CEO and founder Jaspreet Singh says takes the company “well past the $1 billion mark” in terms of its valuation. The funding is being led by Viking Global Investors, the hedge fund and investment firm, with participation from two other new investors, Neuberger Berman and Atreides Capital; and existing investors including Riverwood Capital, Tenaya Capital, and Nexus Venture Partners (who were part of Druva’s last round of $80 million in 2017). Although he would not disclose revenues, he said it’s now in a strong position to consider going public as its next step (or finally entertaining one of the many acquisition offers Singh admitted Druva gets). Spurred by a number of factors — the unfortunate rise of malicious hacking and data breaches, a massive wave of computing services that are creating mountains of data that can now be parsed for insights, and a big move to cloud computing — the data protection industry is booming, with IDC predicting that it will collectively be worth $55 billion by 2020. Singh points out that others looking to provide services in the same area include huge incumbents like CommVault and IBM, as well as newer entrants like Rubrik (itself on something of a fundraising tear in the last few years to capitalise on the same opportunity).
It gathers all sorts of information, from where you've been to whom you've talked to and what music you like, and police are able to get all of that information without a warrant. The American Civil Liberties Union is set to argue on Wednesday that police must obtain a warrant to access data collected by cars. As technology's reach has expanded and changed the scope of how much personal information gets collected about a person, laws have lagged behind, leaving privacy rights in limbo for years. At the US borders, patrol agents are still able to search people's devices without a warrant, and it was only in 2014 when the Supreme Court ruled that police need to get warrants to search our phones. "This is yet another case that calls on a court to decide whether older doctrines from before the digital age should be extended to new kinds of intrusions on people's personal data," ACLU attorney Nathan Freed Wessler said. The computer in a vehicle's infotainment system collects data including your location history, your phone contacts, songs you've listened to, video from inside the car and text messages.
Spain's top professional football league, La Liga, has been fined $284k by the country's data protection agency for using the league's mobile app to spy on its fans. The app, which has been downloaded on millions of devices, was reportedly used by La Liga to monitor bars showing football matches in an effort to catch establishments that showed games on television without a license. Fans that downloaded the app did so to stay up to date with schedules, player rankings, statistics and league news but few realized that it also was able to determine when and where they're watching games. The Spanish newspaper El País reported that the league informed authorities that the app detected when users were in bars and would then use the microphones on their smartphones to record audio. By using a technology similar to the app Shazam, the La Liga app would then use the recording to determine if the user was watching a soccer game. If so, officials would use the location of their device to determine if the bar they were in had a license to play the game.
Spain’s data protection agency has fined La Liga, the nation’s top professional football league, €250,000 (£222,000) for using the league’s phone app to spy on its fans. With millions of downloads, the app was reportedly being used to surveil bars in an effort to catch establishments playing matches on television without a license. According to Spanish newspaper El País, the league told authorities that when its apps detected users were in bars the apps would record audio through phone microphones. The apps would then use the recording to determine if the user was watching a football match, using technology that’s similar to the Shazam app. If a game was playing in the vicinity, officials would then be able to determine if that bar location had a license to play the game. Though La Liga admitted the app did record through users’ phones, the league insisted the users had the option to opt-out of allowing the app to track phone location and access the microphone.
Spain’s data protection agency has fined the country’s soccer league, LaLiga, €250,000 (about $280,000) for allegedly violating EU data privacy and transparency laws. The app, which is used for keeping track of games and stats, was using the phone’s microphone and GPS to track bars illegally streaming soccer games, Spanish newspaper El País reported. Using a Shazam-like technology, the app would record audio to identify soccer games, and use the geolocation of the phone to locate which bars were streaming without licenses. El Diario reports that fans have downloaded that app more than 10 million times, essentially turning them into undercover narcs. The league claims that the app asks for permission to access the phone’s microphone and location, and that the data — which is received as a code, not audio — is only used to detect LaLiga streams. The app does explain in the terms of service that by giving the app permission, users are consenting to LaLiga using their phones to detect fraudulent behavior, like pirated soccer games.
Regardless of where in the world you work, every business today needs an understanding of global privacy regulations like GDPR, and how to comply with them. Over one year on from GDPR’s inception many businesses are struggling to implement data strategies that help them to meet this challenging regulation; however, with the potential risks and loss of customer trust that you jeopardise by not safeguarding your customers’ data, now is the time to act. The data that is held by businesses, especially unstructured data, can often become messy due to the fact that everyone who can access it has the ability to use it, copy it and change it. Data mapping – pinpointing personal data, its content and its risk profile – helps stakeholders to understand the ‘before and after’ of a breach, which in turn helps to predict where a loss could occur and the potential impact this could have. There are going to be incidents no matter what, so the data protection team needs to plan for the worst, as the regret of knowing you didn’t do everything you could is very unpleasant indeed. Education remains the most important factor to consider when working towards GDPR compliance.
Location data helps deliver services to consumers where and when they want it. Given recent data breaches, there are many concerns that location data can infringe on consumers' privacy. For companies, it optimizes fleet routes and provides visibility along every mile of the supply chain. For advertisers, it zeroes in on appropriate customers so that they don't waste their money or consumers' time blasting messages to the wrong people at the wrong time in the wrong place or advertising channel. Sharing and analyzing location data can make life more pleasant and efficient, and as data accumulates, software developers will find new ways to combine and share it — developing services that are more meaningful to users. But by combining their data with other information from publicly available sources and social media, it's possible to discover people's identities and learn about their habits.