Daily Digest (5/21)

Facebook to Pay $9M to Settle Canadian Privacy Probe; NSO Group Impersonated Facebook to Help Clients Hack Targets; CDC: U.S. Schools Should Reopen With Social Distancing Once Goals Are Met; Study: 97% of US Companies Plan to Increase Data-Privacy Spending This Year. Click “Continue reading” below.

Facebook to Pay $9M to Settle Canadian Privacy Probe

Facebook Inc. has agreed to pay $9 million to settle the Competition Bureau Canada’s investigation into the company’s privacy practices.

The bureau said Tuesday that its probe found that Facebook had given the impression to users that they could control who could see and access their data, without limiting the sharing of users’ personal information with third-party developers.

In addition, third-party developers could also access the personal information of users’ friends after users installed third-party applications.

The Canadian group’s findings mirrored a section of the U.S. Federal Trade Commission Act, which bars “unfair or deceptive acts or practices in or affecting commerce” and is regularly applied by the commission to enforce “privacy promises,” according to news reports.

Sources (external links):

NSO Group Impersonated Facebook to Help Clients Hack Targets

Israeli surveillance firm NSO Group created a look-alike website to a Facebook security site to deploy its Pegasus hacking tool to targets around the world, Vice.com’s Motherboard platform reported Wednesday.

NSO already is embroiled in a lawsuit with Facebook, which is suing the company for leveraging a vulnerability in WhatsApp to let NSO clients remotely hack cellphones. WhatsApp is owned by Facebook.

In its latest discovery, Motherboard said it found more evidence that NSO used a U.S.-based infrastructure and a server used by the surveillance firm to deliver malware owned by Amazon.

According to the report, a former NSO employee provided Motherboard with the IP address of a server set-up to infect phones with NSO’s Pegasus hacking tool.

Motherboard said it had “granted the source anonymity to protect them from retaliation from the company.”

Source (external link): NSO Group Impersonated Facebook to Help Clients Hack Targets

CDC: U.S. Schools Should Reopen With Social Distancing Once Goals Are Met

U.S. schools closed the coronavirus pandemic should pursue a carefully phased reopening only after public-health goals are set, according to new federal guidelines, and summer camps should be limited largely to children from the immediate area.

The U.S. Centers for Disease Control and Prevention (CDC) released reopening suggestions Tuesday for other such settings as restaurants, mass-transit systems and employers with workers at high risk.

Nearly all 50 states so far have allowed some businesses to reopen, Reuters reports, with some moving before meeting federal guidelines.

In its directives for kindergarten through 12th grade, the CDC said schools should only reopen after a sustained decrease in newly identified cases, and even then they should implement enhanced social-distancing measures.

Those include closing cafeterias and playgrounds and serving meals in classrooms instead.

Once new cases drop to nearly zero, schools could move to looser distancing measures, such as staggering school drop-off times, according to the guidelines.

Source (external link): U.S. schools should only reopen with social distancing as benchmarks met: CDC

Study: 97% of US Companies Plan to Increase Data-Privacy Spending This Year

Ninety-seven percent of American companies said they would increase their data-privacy spending this coming year, with some saying they planned to double expenditures

The study, released Wednesday by FTI Consulting, surveyed more than 500 leaders from large U.S. companies in November 2019.

Here are some other results:

  • A third planned to expand data-privacy budgets by as much as 90% to more than 100%.
  • Eighty-seven percent said taking steps toward privacy compliance would mitigate regulatory scrutiny.
  • Seventy-eight agreed that “the value of data is encouraging organizations to find ways to avoid complying fully with data privacy regulation.”
  • Forty-four percent said they expected lack of awareness and training to be the key data-privacy challenges of the coming year.

“The survey demonstrated a general awareness and understanding of the many risks and challenges at play in the data-privacy arena,” Jake Frazier, a senior FTI Technology managing director, said in announcing the results.

Source (external link): FTI Consulting Survey Shares Data Privacy Budget and Solutions Forecast | FTI Consulting

— By DPN Staff