Retirement plan: Move to Brazil, start a “hacking for fun and profit” school with free tuition, accept 10% of each graduate’s first job.
Ransomware Recovery Costs More Than Double in a Year, Now Average $1.85 Million
A new report from cybersecurity firm Sophos indicates that ransomware recovery costs have shot up in the past year, with the average case approaching $2 million in total expenses. This is up from an average of $761,000 in 2020.
Organizations are also not finding that paying the ransom circumvents the expensive cleanup; only 8% report recovering all of their data after an attack, and 29% only recovered about half of their data. While ransomware recovery costs have ballooned to an average of 10x the usual ransom demand, it is increasingly apparent that this spending will be inevitable following a breach of this type.
Keeping up.
https://www.pogowasright.org/a-roundup-of-ccpa-court-decisions-i-only-know-of-7/
A Roundup of CCPA Court Decisions (I Only Know of 7)
Eric Goldman writes:
This post recaps the court decisions analyzing the California Consumer Privacy Act (CCPA) so far. I only know of seven opinions as of May 1, 2021, a number that struck me as surprisingly small. (If you think I’m missing any, please email me).
Overview
CCPA lawsuits generally fit into one of the following four categories:
Data breach Private Right of Action (PRA). Since Jan. 1, 2020, the CCPA authorizes a private right of action with respect to certain data breaches. I expected this would be a popular claim; I thought plaintiffs would allege it in every data breach lawsuit. We’ve seen many of those filings, but few of the cases have issued opinions yet. 16 months isn’t very long in the lifespan of litigation, so this jurisprudence is still emerging.
AG enforcement. The AG’s office gained partial enforcement power on July 1, 2021 (the remainder in August 2020). An AG enforcement will produce a court opinion only if the parties actually fight in court, which businesses are reluctant to do. Plus, the CCPA also gives businesses a mandatory cure period, which further reduces the odds of litigated disputes. I’m not aware of any AG enforcements of the CCPA spilling into court. In fact, I’m not aware of any publicized CCPA enforcement actions–a surprising stat given the target-rich enforcement environment.
Non-data breach PRA. The CCPA does not authorize PRAs for any statutory violations other than specified data breaches. Some plaintiffs have asserted those CCPA claims anyways. They will fail.
Constitutional challenges. In the CCPA’s early days, I heard a lot of chatter that unhappy businesses were going to challenge the CCPA, but I don’t believe any lawsuits were ever filed. Given the CCPA’s imminent deprecation due to the CPRA, I don’t expect any court challenges to the CCPA to emerge at this point.
TL;DR: it’s been pretty quiet on the CCPA litigation front so far.
Read his roundup of case summaries on Technology & Marketing Law Blog.
Pretty serious disruption of business models, will this stand?
96% of US users opt out of app tracking in iOS 14.5, analytics find
Some of the first data on user behavior exceeds advertisers' worst fears.
It seems that in the United States, at least, app developers and advertisers who rely on targeted mobile advertising for revenue are seeing their worst fears realized: Analytics data published this week suggests that US users choose to opt out of tracking 96 percent of the time in the wake of iOS 14.5.
Not California?
Massachusetts Pioneers Rules For Police Use Of Facial Recognition Tech
Massachusetts lawmakers passed one of the first state-wide restrictions of facial recognition as part of a sweeping police reform law.
… Police must now have a court order before they can compare images to the database of photos and names held by the RMV, the FBI, or Massachusetts State Police.
"It prevents the use of it by the police when it's not relevant to an investigation, which is an important but fairly low standard. That means [law enforcement] can't track someone in their personal life for personal reasons, like an ex-spouse, and so it prevents the most bald-faced types of potential misuse," said Rose.
… The new legislation also requires law enforcement to document their searches and eventually statistics on their searches will be made public. Whether or not the information will be disclosed to defendants is a question that's been put off to future legislation and a new commission.
The new law creates a commission to study due process and facial recognition as well as the technology's ability to identify people of different races, genders and ages and to provide recommendations for future use.
… Even though local law enforcement can only contract with the RMV, State Police, and the FBI, nothing is stopping the FBI or State Police from contracting with a private company, which local law enforcement would then have access to.
The post-Covid return to the office.
https://dilbert.com/strip/2021-05-08
