Tag Archives: future of privacy forum

Oklahoma Consumer Data Privacy Act…For Now

Yet another state has passed its own data privacy law, with the Oklahoma Consumer Data Privacy Act signed last month and taking effect in 2027. The key particulars:

“OKDPA grants consumers a set of rights…including rights of access, deletion, correction, and portability, and rights to opt-out of targeted advertising, sale, or profiling “in furtherance of a decision that produces a legal or similarly significant effect concerning the consumer.””

As for enforcement:

“Enforcement authority rests with the Oklahoma Attorney General.The bill includes a mandatory 30-day cure period, which does not sunset. The law imposes civil penalties of up to $7,500 per violation.”

As of now, between 19 and 22 states have privacy laws, depending upon how you count.

  • Some aren’t counting Florida because of its limited scope. It only applies to companies with over $1 billion in revenue.
  • Some aren’t counting Illinois because BIPA only applies to biometrics.
  • Some aren’t counting Oklahoma yet because it’s so new.

But we can agree that many states have privacy laws.

For now

And if some have their way, they will all disappear, to be replaced by a single uniform federal law. However, the level of preemption of state laws is an issue of discussion. The Future of Privacy Forum has addressed preemption here.

And if you need to write about privacy, biometric or otherwise, Bredemarket can help. Click below to book a free meeting with me.

Stop losing prospects! Use Bredemarket content for tech marketers
Content for tech marketers.

Here is a video about my services.

Bredemarket: Services, Process, and Pricing.

When Educational Identity Practices Don’t Meet the Future of Privacy Forum Pledge

Designed by Freepik.

When education vendors say that they protect the identities of their customers, but they don’t, bad things can happen. Illuminate Education discovered this the hard way.

On Monday, Thomas O’Malley shared the 2023 Comparitech article “US schools leaked 32 million records in 2,691 data breaches since 2005.” These leaks were due to large-scale breaches such as Illuminate Education and Blackbaud, as well as many other breaches, and affected institutions at all educational levels.

The December 2021 Illuminate Education data breach was first reported in January 2022, and by September was revealed to have affected schools across the country, exposing students’ names, birthdates, and other personal identifiable information (PII).

Two attempted class action lawsuits against Illuminate Education have been defeated. But there has still been fallout:

(The Future of Privacy Forum) initiated a review, seeking to determine whether (Illuminate Education’s) practices were and are consistent with its Pledge commitments, specifically with respect to technological safeguards in place to protect the security of data. Publicly available information appears to confirm that Illuminate Education did not encrypt all student information while at rest and in transit. Such a failure to encrypt would violate several Pledge provisions…

From https://studentprivacypledge.org/news/fpf-drops-illuminate-education-from-student-privacy-pledge/.

As a result of its inability to confirm that Illuminate Education practiced recommended data encryption practices, the Future of Privacy Forum “removed Illuminate Education from the list of Student Privacy Pledge signatories.” As of January 23, 2024, Illuminate Education’s status as a signatory has not been restored.

Can a company’s status as a Future of Privacy Forum signatory guarantee that they take all necessary steps to protect educational identity data? Of course not; perhaps there are unknown data protection failures by a signatory, and conversely a company may implement stellar policies but just never bothered to sign on the dotted line.

But presence or absence on the FPF signatories list can serve as a positive or negative risk indicator.