< ciso
brief />
Tag Banner

All news with #data governance tag

106 articles · page 4 of 6

California Regulators Target Sale of Sensitive Health Data

⚖️California privacy regulators have taken enforcement action under the Delete Act, penalizing a marketing firm and a global analytics provider for trading in sensitive consumer profiles without proper registration. The agency fined Rickenbacher Data LLC (operating as Datamasters) $45,000 and ordered it to stop selling and delete California data. Separately, S&P Global was fined $62,600 for failing to register as a data broker. Officials highlighted risks from lists linked to medical conditions, race, age, political views and spending.
read more →

California Bars Data Broker from Reselling Health Data

🛑 The California Privacy Protection Agency ordered Rickenbacher Data LLC, operating as Datamasters, to stop selling Californians' health and personal information and fined the firm $45,000 for failing to register as a data broker under the California Delete Act. Regulators found Datamasters bought and resold hundreds of millions of records—names, emails, addresses and phone numbers—targeting people by medical conditions, age, perceived race, political views and purchases. The agency ordered deletion of previously acquired California records by the end of December, requires any newly received Californian data to be purged within 24 hours, and imposed five years of compliance measures; CalPrivacy also fined S&P Global $62,600 for an administrative registration lapse.
read more →

IDHS Privacy Misconfiguration Exposes Data of 700K Residents

🔒 The Illinois Department of Human Services (IDHS) said that misconfigured privacy settings on a public mapping website exposed personal and health-related information for nearly 700,000 residents. Maps intended for internal resource planning were publicly accessible for years, revealing addresses, case numbers, demographics, and plan names for many Medicaid and Medicare Savings Program recipients, and additional identifying details for some rehabilitation services customers. IDHS restricted access, reviewed exposed maps, blocked future uploads of identifiable customer data to public mapping platforms, and has notified affected individuals and regulators.
read more →

OpenAI Launches ChatGPT Health with Isolated Data Controls

🩺 OpenAI announced ChatGPT Health, a sandboxed space that lets users discuss health topics and optionally connect medical records and popular wellness apps (Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails, Instacart, Peloton) for tailored responses, lab-test insights, nutrition advice, meal ideas and suggested workouts. The feature is rolling out to Free, Go, Plus and Pro users outside the EEA, Switzerland and the U.K., and OpenAI says it is designed to support medical care, not replace diagnosis or treatment. Health operates in a silo with purpose-built encryption and isolation; conversations are not used to train OpenAI's foundation models, and connected apps require explicit permission and additional security review.
read more →

OpenAI: ChatGPT Health won't use health data to train models

🔒 OpenAI has introduced ChatGPT Health, a private space for health conversations, and says by default it will not use your health information to train its foundation models. An in-dashboard alert observed during early-access testing states health data is subject to a Health Privacy Notice and recommends enabling multi-factor authentication. OpenAI cautions that ChatGPT is not a substitute for professional medical advice and notes the feature is rolling out to most users but is not yet available in the EEA, Switzerland, or the UK.
read more →

Wegmans Likely Uses Facial Recognition on Customers

🔎 The New York City Wegmans is reportedly collecting biometric information about customers through in-store cameras and analytics systems. Bruce Schneier highlights that this appears to amount to facial recognition or at least biometric profiling without clear customer notice or consent. The piece raises concerns about transparency, retention policies, and potential misuse of sensitive data. It calls attention to gaps in oversight and urges better disclosure and regulation.
read more →

Shadow Spreadsheets: Controlling the Hidden Security Gap

🔒 Even well-defended environments can be undermined by 'shadow spreadsheets'—ad hoc Sheets or Excel files users share because official tools don't meet every need. These files proliferate, evade DLP and audit visibility, and create an unmanageable attack surface. Training or heavy-handed lockdowns often fail, while custom apps are costly and slow. The piece recommends Grist, a self-hostable, spreadsheet-like platform built on a relational back end with RBAC and audit logging to restore a single source of truth.
read more →

VMO2 and Google Cloud: Data Contracts for Scalable AI

🔒 VMO2, with Google Cloud, implemented data contracts as machine-readable agreements to guarantee dataset quality, schema, semantics, and SLOs for individual assets like BigQuery tables and Cloud Storage buckets. Defined in YAML and managed via GitLab, contracts are validated and operationalized by Dataplex Universal Catalog, which provisions Data Quality Scan jobs and profiling. The platform uses Cloud Composer, Pub/Sub, and BigQuery to orchestrate scans, surface results, and provide dashboards for real-time observability.
read more →

AWS launches Spatial Data Management (SDMA) solution

🗺️ Spatial Data Management on AWS (SDMA) centralizes multimodal spatial assets — 3D, geospatial, behavioral, and temporal data — into a secure, highly available cloud repository. It automates metadata extraction for formats such as .LAZ, .E57, .GLB, and .GLTF, provides REST APIs and customizable connectors, and offers web and desktop interfaces with auto-generated previews to accelerate validation without large downloads. SDMA is designed to simplify integrations, governance, and discoverability to speed operational insights across AWS regions.
read more →

Amazon Connect Customer Profiles adds Spark SQL segments

🔍 Amazon Connect Customer Profiles now offers Beta segmentation powered by Spark SQL, enabling analysts to build sophisticated customer segments from both custom and standard profile objects. You can join objects, apply statistical functions such as percentiles, and standardize date fields for complex temporal analysis, or use the Segment AI assistant to translate natural language into Spark SQL. AI-generated queries include plain-language explanations and automatic membership estimates so you can review and validate results before deployment. These capabilities work alongside existing segmentation features and integrate with segment membership calls, Flow blocks, and Outbound Campaigns, and are available in all AWS regions where Customer Profiles is offered.
read more →

Dataplex Data Products: Curated Assets for Enterprise

🔍 Google Cloud has introduced data products in Dataplex Universal Catalog (preview), packaging curated data assets, documentation, and governance controls into purpose-built units aligned to business use cases. These data products let producers declare quality, freshness, ownership, and contractual guarantees while grouping assets to simplify access and reduce operational toil. Consumers can discover, request access, and rely on documented lineage and context to accelerate analytics. Google also positions data products as foundational inputs to more reliable AI and agent-driven workflows.
read more →

Amazon SageMaker Catalog Exports Asset Metadata to Iceberg

🔍 Amazon SageMaker Catalog now exports asset metadata as an Apache Iceberg table via Amazon S3 Tables, enabling teams to query catalog inventory with standard SQL without building custom ETL. The export includes technical fields (resource_id, resource_type), business metadata (asset_name, business_description), ownership details, and timestamps, partitioned by snapshot_date for time travel queries. The dataset appears in SageMaker Unified Studio and is queryable from Amazon Athena, Studio notebooks, AI agents, and BI tools. Available in all supported Regions at no additional SageMaker charge; you pay for S3 Tables storage and Athena queries.
read more →

Amazon SageMaker Catalog Adds Automated Data Classification

🤖 Amazon SageMaker Catalog now provides automated data classification that suggests business glossary terms during dataset publishing to reduce manual tagging and improve metadata consistency. The capability leverages Amazon Bedrock language models to analyze table metadata and schema and recommend relevant business and sensitive-data terms from organizational glossaries. Data producers receive AI-generated suggestions they can accept or modify before publishing, helping standardize vocabulary and improve data discoverability. The feature is available in multiple AWS regions and can be managed via SageMaker Unified Studio, the AWS CLI, or SDKs.
read more →

AWS Glue Adds Apache Iceberg-Based Materialized Views

⚡ AWS Glue now supports materialized views stored in Apache Iceberg format and managed in the AWS Glue Data Catalog. Data teams can create views with standard Spark SQL, attach a refresh schedule, and rely on automatic change detection, incremental updates, and managed compute for refresh jobs. Query engines across Athena, EMR, and AWS Glue rewrite queries to use these views, improving performance by up to 8x and lowering compute costs, while SQL tools like Redshift and SageMaker can read the Iceberg tables directly.
read more →

Amazon S3 Metadata Now Available in 22 More Regions

🔍 Amazon S3 Metadata is expanding to twenty-two additional AWS Regions, bringing automated, queryable object and custom metadata closer to more customers. The feature automatically populates metadata for both new and existing objects in near real-time and supports system-defined details (size, source) and user-defined tags such as product SKUs or transaction IDs. This expansion makes S3 Metadata generally available in 28 Regions and enables faster data discovery, curation, and analytics inside existing S3 workflows.
read more →

AWS Glue: Zero-ETL Replication for Self-Managed Databases

🔁AWS Glue now supports zero-ETL for self-managed database sources, enabling no-code replication from Oracle, SQL Server, MySQL, and PostgreSQL hosted on-premises or on EC2 to Amazon Redshift. The feature auto-creates ongoing integrations to simplify setup, reduce operational overhead, and eliminate much of the engineering work previously required to build ingestion pipelines. It is available in multiple AWS Regions and aims to save teams weeks of engineering effort.
read more →

BigQuery Data Transfer Service Enhancements and Compliance

🔔 The BigQuery Data Transfer Service expands its connector ecosystem with new GA integrations (Oracle, Salesforce, ServiceNow, SFMC, Facebook Ads, and GA4) and preview connectors like Stripe, PayPal, Snowflake, and Hive. Platform improvements include event-driven transfers, incremental ingestion, GAQL-based custom Google Ads reports, and enhanced Oracle scale. Security and compliance gains—EU Data Boundary GA, FedRAMP High, CJIS, access transparency, regional endpoints, and key usage tracking—support regulated workloads. A new consumption-based pricing model applies to third-party connectors once they reach GA.
read more →

Amazon SageMaker Catalog Adds Column-Level Metadata

📣 Amazon SageMaker Catalog now supports custom column-level metadata forms and markdown-enabled rich text descriptions so data stewards can attach business-specific key-value metadata and formatted documentation directly to individual columns. Form values and rich text are indexed in real time and become immediately searchable alongside column names, descriptions, and glossary terms. This capability is available in all AWS Regions where SageMaker is supported.
read more →

Amazon SageMaker Catalog Enforces Glossary Metadata

📌 Amazon SageMaker Catalog now enforces glossary-term metadata during asset publishing. Administrators can require data producers to tag assets with approved business vocabulary from organizational glossaries, and enforcement rules will block publication if required terms are missing. This standardizes metadata, aligns technical schemas with business language, and improves discoverability and governance. Available in all regions where Amazon SageMaker Catalog operates; policies can be managed via the console, CLI, or SDKs.
read more →

India DPDP Rules 2025 Make Privacy an Engineering Challenge

🔒 India’s new Digital Personal Data Protection (DPDP) Rules, 2025 impose strict consent, verification, and fixed deletion timelines that require large platforms and enterprises to redesign how they collect, store, and erase personal data. The rules create Significant Data Fiduciaries with added audit and algorithmic-check obligations and formalize certified Consent Managers. Organizations have 12–18 months to adopt automated consent capture, verification, retention enforcement, and data-mapping across cloud, on‑prem, and SaaS environments.
read more →