1st April, 2022
1st April, 2022
Any person under the age of 18 is classified as a child under the Personal Data Protection (PDP) Bill, 2019. His or her data cannot be handled without the consent of his or her parents or guardians, as well as age verification. The Srikrishna Committee, which formulated the bill, indicated that the 18-year-old age was chosen to be consistent with other domestic regulations. It was decided that the cut-off age was too high and should be altered to take into account a child’s development. In contrast to India’s approach, the Children’s Online Privacy Protection Act in the United States has set a limit on the age of consent at 13, with verifiable parental consent required only for those under the age of 13. The General Data Protection Regulation (GDPR) in Europe proposes a range between 13 to 16 years.
By defining the age of consent below which rigorous processing constraints apply, the proposed legislation attempts to protect children’s personal and sensitive data. The provision is critical because it ensures that children’s inability to comprehend internet threats does not expose them to exploitation. However, given the dynamic nature of the internet, putting these measures in place could be difficult.
Many debates over the usage of internet-based services have revolved around the age of consent. The Bill’s child safety provisions ban commercial websites or online services “directed” at minors from profiling, tracking, behaviorally monitoring, or targeting adverts without the approval of their parents or guardians. To put it another way, the Bill assumes that such practices are harmful to anyone under the age of 18.
In recent times, there have been various occurrences where parents received calls from coaching centers for their kids through various mediums even from schools, which has made it difficult to keep track of the data being shared. Nevertheless, it is necessary to spread awareness regarding the laws governing data related to children. Tsaaro is working on a Survey toward understanding the need for a system that helps keep the data relating to children secure.
Major Privacy Updates of the Week
US Lawmakers Introduce 'ECASH' Bill in New Push to Create a Digital Dollar
US lawmaker has proposed a large-scale trial of government-backed digital cash. The Electronic Currency and Secure Hardware (ECASH) Act, introduced by Rep. Stephen Lynch (D-MA), would direct the Secretary of the Treasury to publicly test an “electronic version” of the US dollar. While the bill’s odds of passing likely remain low, it demonstrates governments’ increasing interest in launching alternatives to cryptocurrency.
US Lawmakers Introduce 'ECASH' Bill in New Push to Create a Digital Dollar
US lawmaker has proposed a large-scale trial of government-backed digital cash. The Electronic Currency and Secure Hardware (ECASH) Act, introduced by Rep. Stephen Lynch (D-MA), would direct the Secretary of the Treasury to publicly test an “electronic version” of the US dollar. While the bill’s odds of passing likely remain low, it demonstrates governments’ increasing interest in launching alternatives to cryptocurrency.
The Utah Consumer Privacy Act – Latest Privacy Law within US.
Continuing efforts at the state level to establish a data privacy framework in the US, a fourth state has passed a comprehensive consumer privacy law. Utah has joined the ranks of Colorado, California, and Virginia after Governor Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”) on March 24, 2022. The legislation is set to take effect well after other state data privacy laws, on December 31, 2023.
The Utah Consumer Privacy Act – Latest Privacy Law within US.
Continuing efforts at the state level to establish a data privacy framework in the US, a fourth state has passed a comprehensive consumer privacy law. Utah has joined the ranks of Colorado, California, and Virginia after Governor Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”) on March 24, 2022. The legislation is set to take effect well after other state data privacy laws, on December 31, 2023.
IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data
IT and software development firm Globant said in a statement Wednesday that it experienced a network breach. The statement appeared to confirm claims made by Lapsus$, a group that has successfully compromised Microsoft, Nvidia, Okta, and other victims in recent weeks. Lapsus$ is a relative newcomer to the data-extortion scene. While the group’s tactics and procedures lack sophistication, members largely believed to be young and technically immature makeup for it with persistence. Gang members were rumored to be among seven individuals arrested last week by London police.
IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data
IT and software development firm Globant said in a statement Wednesday that it experienced a network breach. The statement appeared to confirm claims made by Lapsus$, a group that has successfully compromised Microsoft, Nvidia, Okta, and other victims in recent weeks. Lapsus$ is a relative newcomer to the data-extortion scene. While the group’s tactics and procedures lack sophistication, members largely believed to be young and technically immature makeup for it with persistence. Gang members were rumored to be among seven individuals arrested last week by London police.
Transparent Tribe APT returns to strike the Indian Government.
A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021.The latest set of attacks detailed by Cisco Talos involves making use of fake domains that mimic legitimate government and related organizations to deliver the malicious payloads, including a Python-based stager used to install .NET-based reconnaissance tools and RATs as well as a barebones .NET-based implant to run arbitrary code on the infected system.
Transparent Tribe APT returns to strike the Indian Government.
A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021.The latest set of attacks detailed by Cisco Talos involves making use of fake domains that mimic legitimate government and related organizations to deliver the malicious payloads, including a Python-based stager used to install .NET-based reconnaissance tools and RATs as well as a barebones .NET-based implant to run arbitrary code on the infected system.
Hacker steals about $600 million in one of the biggest crypto heists
A cryptocurrency firm used by gamers to transfer virtual coins has revealed that hackers stole hundreds of millions of dollars worth of currency from it. Vietnamese blockchain game developer Sky Mavis created the Ronin Network to function as an Ethereum sidechain for its Axie Infinity game. In practice, it allows users to transfer cryptocurrency in and out of the game. Ronin Network only discovered the massive cyber-heist after a user complained yesterday that they could not withdraw funds from the bridge. The incident occurred a week ago. It said an attacker compromised Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes and used hijacked private keys to forge fake withdrawals. This resulted in the theft of 173,600 Ethereum ($592m) and $25.5m from the Ronin bridge in two transactions.
Hacker steals about $600 million in one of the biggest crypto heists
A cryptocurrency firm used by gamers to transfer virtual coins has revealed that hackers stole hundreds of millions of dollars worth of currency from it. Vietnamese blockchain game developer Sky Mavis created the Ronin Network to function as an Ethereum sidechain for its Axie Infinity game. In practice, it allows users to transfer cryptocurrency in and out of the game. Ronin Network only discovered the massive cyber-heist after a user complained yesterday that they could not withdraw funds from the bridge. The incident occurred a week ago. It said an attacker compromised Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes and used hijacked private keys to forge fake withdrawals. This resulted in the theft of 173,600 Ethereum ($592m) and $25.5m from the Ronin bridge in two transactions.
WEEKLY PRIVACY NEWSLETTER
Keep up to pace with this high-impact weekly privacy newsletter that
features significant data privacy updates, trends, and tools that can
help to make your life secure & easier every day!
*By clicking on subscribe, I agree to receive communications from Tsaaro