Privacy Monday - January 5, 2015
Welcome to the first Privacy Monday of 2015!
We hope that you enjoyed our 12 Days of Privacy series (and if you missed it, they are all linked in the right column of the blog...).
Three things that you should know for your Privacy Monday:
1. The FTC approved the Snapchat final order on New Year's Eve
Following a public comment period, the Federal Trade Commission has approved a final order settling charges that Snapchat deceived consumers with promises about the disappearing nature of messages sent through the service.
We dissected the FTC’s complaint on this blog in May (here), and according to the FTC, Snapchat also deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure.
According to the FTC's release, "[t]he settlement with Snapchat is part of the FTC’s ongoing effort to ensure that companies market their apps truthfully and keep their privacy promises to consumers," and prohibits Snapchat from misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information.
2. Chick-fil-A is latest breach victim
Chick-fil-A, one of America's most popular fast food restaurants, is the latest corporation to investigate the possible hacking of its customers' credit card data.
"Chick-fil-A recently received reports of potential unusual activity involving payment cards used at a few of our restaurants," the company said in a statement last week.
"We are working with leading IT security firms, law enforcement and our payment industry contacts to determine all of the facts."
The company promised that if a security breach was confirmed, it would assume financial responsibility for fraudulent charges to customers' accounts, and arrange for free identity protection services -- including credit monitoring -- for any affected consumer.
With over $5 billion in annual sales Chick-fil-A, based in Atlanta, Georgia, is the biggest fast-food chicken restaurant in the United States.
3. The Experian 2015 "Crystal Ball" Report is out
Regular readers of this blog will know that we have been saying this for some time, but this appears in the 2015 Experian Data Breach Industry Forecast: "Board members and the C-suite can no longer ignore the drastic impact a data breach has on company reputation. Meanwhile, consumers are demanding more communication and remedies from businesses after a data breach occurs. As a result, the topic is one of the highest priorities facing businesses and regulators in 2015."
The Experian report predicts that:
-
top data breaches expected in 2015 include the following - payment breaches (with the adoption requirements for EMV “Chip and PIN” technology in the US in October 2015, the window may be closing for hackers to easily profit from point-of-sale attacks, however attackers may look for new ways to compromise these companies given how profitable the payoff can be),
-
hackers will target cloud data (cloud services have become a more attractive target for attackers because consumers rely more on online services such as online banking and mobile payments), and
-
growth in healthcare breaches (it is expected that healthcare breaches will increase, due to increased movement to electronic medical records and the introduction of wearable technologies).
Get the full report here.