Hello all, and happy Thursday!
A few stories in our newsletter this week highlight the perpetually underestimated risk of being victim to a data breach. Specifically, the American Bar Association (ABA) suffered a data breach (and is, of course, being sued). T-Mobile also suffered another data breach this year, marking its eighth breach since 2018.
It’s funny—data breaches have become so common that they almost fly under the radar. In the recently released Internet Crime Report, the FBI’s Internet Crime Complaint Center (IC3) stated they received a total of 800,944 reported crime complaints in 2022, with associated losses exceeding $10.3 billion. Because these breaches are so common, we’ve almost become desensitized to them.
And even though it feels like being kicked when you’re down, data breaches are a trigger for lawsuits and data privacy enforcement action. They serve as evidence that personal data was mishandled, whether through excessive collection and retention or a lack of sufficient protection. That’s the focus of the ABA class action lawsuit—the plaintiffs allege that the ABA “grossly fail[ed] to comply with security standards.”
Unfortunately, there will never be an end to cybercrime, nor a blanket solution to protecting yourself. Malicious actors develop new techniques every year, so the only recourse to continuously develop new defenses and mitigation strategies to protect your and your consumers’ data.
Best,
Arlo
UK ICO Updates Guidance on Artificial Intelligence and Data Protection
The UK’s Information Commissioner’s Office (ICO) recently released a set of best practices for data protection-compliant AI as well as information on how it interprets data privacy law in the context of AI. The guidance is not legally binding but does provide useful insights into how to use AI ethically and how future laws regulating AI might unfold.
EU MEPs Adopt Resolution Against Adequacy Decision Of The EU-U.S. Data Protection Framework
Members of the European Parliament (MEPs) have recommended that the EU Parliament not grant the EU-U.S. Data Protection Framework an adequacy decision that would allow for the flow of personal data from the EU to the U.S. without the use of standard contractual clauses, binding corporate rules, or another lawful method of transfer.
ChatGPT Resumes Service in Italy After Adding Privacy Disclosures and Controls
Although a local probe of ChatGPT’s compliance with Italy’s data protection rules continues, the AI chatbot has resumed service in Italy. Now, Italian users are presented with a popup asking for confirmation that they are 18+ (or 13+ with consent from a parent or guardian) as well as links to OpenAI’s Privacy Policy and an article on how OpenAI develops and trains ChatGPT. These new disclosures and controls, among other changes, address the bulk of Italian authorities’ objections.
American Bar Association Accused of Data Breach Affecting 1.4 million people
In a class action lawsuit, the American Bar Association (ABA) has been accused of “grossly fail[ing] to comply with security standards” and causing a data breach that affected approximately 1.5 million people. The breach occurred in March of 2023, and the stolen data included personal information such as names, phone numbers, addresses, email addresses, and financial information.
All SMS Will Now Be Intercepted, Screened in Malaysia
Based on a directive from the Malaysian government, telecommunications providers will now seize and screen all SMS sent out in Malaysia for “prohibited contents.” Ostensibly to protect individuals from falling victim to online scams, all SMSs containing URLs, phone numbers, identity card numbers, bank accounts, or other personal details will be blocked.
T-Mobile Discloses Second Data Breach Since the Start of 2023
After discovering a data breach that leaked the personal information of 37 million customers, T-Mobile disclosed that it was hit by another data breach in February 2023. In part due to precautions the telecommunications company put in place after its first data breach, this most recent breach only affected 836 customers. It is the eighth data breach disclosed by T-Mobile since 2018.
Osano Blog: ChatGPT vs Privacy—How Concerned Should We Be?
ChatGPT is once again available in Italy after being initially banned by Italian data protection authorities. But what does the future of AI and privacy look like? How long will ChatGPT remain available in the EU? Read our blog to find out.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.