Top News: New US Consumer Data Privacy and Security Act, China’s new rules for smart cars, and more




Consumer Data Privacy and Security Act reintroduced in Senate

A new federal privacy bill called the Consumer Data Privacy and Security Act has been reintroduced in the US Senate to strengthen laws around consumers’ personal data and create clear standards and regulations for American businesses that collect, process and use consumers’ personal identifiable data. Though the act draws similarities with the GDPR and CCPA in the way that it provides similar rights and protections but is more favorable to small and midsize businesses. Read more about the bill here.

The University of California (UC) part of nationwide cyber attack

The University of California (UC) was hit with a massive data breach, along with some other universities, government agencies, and private companies across the US. The attack targeted the Accellion file transfer application and exploited a vulnerability in the application’s file-transfer service to copy and transfer files. The UC stated that the compromised data includes names, addresses, telephone numbers, birth dates, Social Security numbers, and bank account details for “employees and their dependents and beneficiaries, retirees and their beneficiaries, students and their families,” and possibly other people with UC connections.


China to secure data from internet-connected cars

China has drafted rules to secure data generated by connected vehicles, like the Tesla smart cars. As per the new rules, companies are forbidden from processing data from cars that are not related to vehicle management or driving safety. In addition, data related to locations, roads, buildings, terrain and other information collected from the environment outside the cars through sensors such as cameras and radar should not leave the country. Read the report here.


Over 40 apps exposing AWS API keys

A security search engine for mobile apps called BeVigil has found 0.5% (more than 40) of mobile apps to be leaking their AWS API keys, putting their internal networks and user data at high risk. CloudSEK added that AWS keys hardcoded in a mobile app source code can be a huge problem, especially if its (Identity and Access Management) role has wide scope and permissions.


Data Privacy Protocol Alliance to build a decentralized data ecosystem

More than 20 businesses worldwide have come together to form the Data Privacy Protocol Alliance (DPPA) that will build a decentralized blockchain-based data ecosystem. The system will provide consumers control of their data and compete against entrenched data monopolies. Read the complete press release here.