Privacy Insider: November 24

Here in the U.S., we're closing our laptops for a couple of days for the Thanksgiving holiday. Honestly, I could do Thanksgiving or not. As you may recognize by now, small talk pains me greatly. I want to start talking about the things that matter to us immediately. If I could swap "Where are you based?" at every industry conference with "Did you feel loved growing up?" I would. 

Every time.

But I tell you what does appeal to me right now: The idea of logging offline. 

I think it's just news fatigue. We haven't finished 2021 yet, and I'm already waving to it from the cruise ship's deck; white handkerchief and red lipstick. Bye! And while I acknowledge that I'm a Scorpio and, yes, in the wintertime, often paint my nails "midnight sky" or "Linkin Park After Dark," I recognize that some good things happened in the last year. 

Mostly, I'm grateful for the opportunity to start a dialogue with you over the last year. Technically, we don't monitor replies to our Privacy Insider email because it goes out to tens of thousands of people worldwide, many of whom are sending an auto out-of-office bounceback. But I try to read the junk responses once in a while, in case one of you is trying to get in touch. 

Thanks for the feedback! I'm grateful for it. And for when you take some time to send it, whether it's positive or a critique. From where I sit, we're just getting started. But as a young company seeking to connect with its audience, I do feel grateful that y'all have sent me notes to tell me what you like. And what you don't. 

I'm even grateful for the reader who told me I should leave America! Truly, I am. We talked that one out, exchanged well wishes, and both of us agreed I could stay. 

I think. 

I appreciate you. And who gets told that they're appreciated enough? And I mean it. I really do picture you in my head when I write, and I want to give you information that helps you do your jobs better. Please know you can always send me a note at ac@osano.com to let me know how I can do that better. 

In the meantime, hope you remember to tell someone lovely that you're grateful for them this gourd-filled holiday season. 

Hope you enjoy this roundup of the big privacy news. See you next week!

Murder trial data used to convict was retained too long, court advisor says

When Graham Dwyer was convicted of murdering childcare worker Elaine O'Hara, prosecutors used his mobile phone data to help their case. But the data used in the 2015 trial was retained illegally under Irish law at the time of the case, which only allowed for phone records to be retained for two years. In some circumstances, data can be kept for "specific severe" national security purposes. Still, the advocate general said those circumstances do not include "the prosecution of offenses, including serious offenses," such as murder cases. 
Read Story

Google updates privacy and security settings in new Chrome release

Google has reconfigured the privacy and security settings in its latest Chrome beta release, TechRadar reports. The change aims to allow users to understand how sites store data on them and delete all data stored by an individual site with one click. For developers: The ability to delete individual cookies will remain accessible at the web developer level in Google's DevTools, the report states. 
Read Story

Report on Amazon lobbying incites lawmakers' renewed calls for US privacy law

Last week, Reuters published a report alleging Amazon has been lobbying against consumer privacy protections in the U.S. In response, five lawmakers have renewed calls for a federal data privacy law. Rep. Jan Schakowsky, D-Ill., said the report illustrates Amazon's voicing support for privacy legislation but in truth only supports laws that would protect "their profits and their right to mine consumers' data, including voice recordings and facial scans." 
Read Story

US banks must report significant cyber incidents within 36 hours

U.S. financial regulators have approved a new rule that requires banks to report any "significant" cybersecurity incident within 36 hours of discovery. The rule requires banking organizations to tell their primary federal regulator if an incident has impacted their operations, ability to deliver products and services or "the stability of the U.S. financial sector," TechCrunch reports. The regulators expect full compliance with the new rule by May 1, 2022. 
Read Story

Hospital to settle for $18.4 million over patient cookies

A Massachusetts judge has granted preliminary approval for a class-action settlement based on a hospital's cookie practices. John Doe and Jane Doe sued, alleging Mass General Brigham Incorporated (and its partners) used web analytics tools to track their behavior on its public website domains without consent, then sold that information to third parties. Mass General and its subsidiaries deny the allegations but reached a preliminary settlement of $18.4 million. 
Read Story