Privacy newsletter - March 10, 2020

Welcome to your latest edition of Osano's Privacy Insider Newsletter! Each week, we send you the latest information you need to know from the world of data privacy. 

In this edition: two more states in the US are moving to enact their own privacy bills, more companies experience the financial consequences from lax data practices, and employers struggle to balance employee health data privacy and safety amid the COVID-19 outbreak. 

Stay safe out there!

Here are the top stories from last week that you might have missed:

New Jersey Lawmakers Push Data-Privacy Bill - New Jersey legislators are proposing a bill to strengthen data protections and impose tougher restrictions on the tech industry, potentially following in the footsteps of privacy laws passed in California and Europe.

‘Consumer Data Privacy Act’ Introduced in Mississippi With Expansive Coverage - Legislators in Mississippi recently introduced SB 2548, the “Mississippi Consumer Data Privacy Act.” The legislation would provide consumers the right to know and request deletion of personal information collected about them and to opt-out of the sale of their personal information.  It includes CCPA-like requirements for submitting, receiving and verifying consumer requests.

Cathay Pacific Fined $639,000 in U.K. Over Data-Security Lapses - Cathay Pacific Airways Ltd. was fined 500,000 pounds ($639,000) by the U.K.’s privacy watchdog for failing to protect customers’ data due to security lapses lasting nearly four years. The penalty is the highest the U.K. authority could levy under old rules that were replaced in May 2018 with tougher measures boosting regulators’ fining powers.

Judge Finalizes Quest Diagnostics Settlement Over 2016 Data Breach - The US District Court in New Jersey issued a final approval of a class-action lawsuit settlement between Quest Diagnostics and the patients impacted by a 2016 data breach. The testing giant will pay $195,000 to resolve claims the data of 34,000 patients were compromised during the hack.

Home genealogy kit sales plummet over data privacy concerns - The two leading direct-to-consumer DNA testing companies in North America, 23andMe and Ancestry.com, announced within a week of each other that they were laying off a significant proportion of their workforce as a result of a steep drop in sales.

Decentralized connectivity network Nodle acquires data privacy/security startup Brickchain - Nodle, the decentralized network provider, has announced the acquisition of Brickchain.com for an undisclosed amount in equity and Nodle Cash. With this acquisition, Nodle is now able to provide Internet of Things (IoT) manufacturers, large enterprise customers, and Smart Cities compliance with GDPR and CCPA data privacy regulations and a more secure IoT network. 

Maintaining Employees’ Privacy During a Public Health Crisis - As coronavirus disease 2019 (COVID-19) continues to spread, employers have been trying to strike a balance between safety and privacy as they apply their own policies and attempt to follow laws such as the General Data Protection Regulation (GDPR) in the European Union and the Health Insurance Portability and Accountability Act of 1996 in the United States.