????? FILED Headlines: A very bad month for ticket companies, Microsoft's Recall labeled a "privacy nightmare" and, of course, the Medibank case

Hi there,??

Welcome to the inaugural edition of FILED Headlines, a new format for FILED.

As well as one email newsletter a month, we're also going to try shorter, curated-link-focused posts, sent at the end of each week. These will focus on the latest, most essential news from the intersection of data privacy, data security, and governance.

The regular monthly newsletter will be with you on schedule next week, but until then, enjoy this edition, and please feel free to provide feedback.

??? Privacy & governance?

If you saw Microsoft's recent announcement of Recall, an AI feature that records your screen, and thought, "that sounds like a privacy nightmare," the UK Information Commissioner's Office and many privacy advocates agree with you.

Slack has been using your messages to train its AI models, and if you want to opt out, you have to ask your admin to send the company an email. Slack says it uses the aggregated data to power channel and emoji suggestions and search results.

Vermont's tough new data privacy bill offers hope for states battling tech lobbyists.

And Google’s Chief Privacy Officer is out after 13 years at the company , which has no plans to replace him.

?? Security?

In case you missed it, Australian insurer Medibank faces a whopping $21 trillion fine for allegedly failing to protect customer data in one of the country’s biggest data breaches, as the Office of the Australian Information Commissioner (OAIC) sued the company in federal court. Stay tuned for a lot more from us on this subject.?

E-prescription firm MediSecure has declared insolvency following its 6.5 terabyte data breach in May. ??

This week in ticketing: Ticketmaster data breach affects 560 million customers, and in Australia a hack on rival ticket platform Ticketek exposes names, email addresses and dates of birth. ?

A leaked database shows thousands of (historical) privacy incidents at Google , laying bare the privacy challenges in running a large technology platform.?

Finally, a few victories to round out the section.?

• The FBI and international partners took down the 911 S5 botnet , which had infected more than 19 million IP addresses across 200 countries and was used for years to conceal cybercrime.?
• And authorities announced Operation Endgame , “the largest coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware,” and the beginning of an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.?

??The latest from RecordPoint

?? Read:??

The ultimate guide to understanding your data , which can help with mitigating risk, improving security, and making better decisions.

Related: What is data security posture management ??

If you are based in Australia, you have undoubtedly heard that the tabelling of the Privacy Act amendments has been brought forward to August. Read our guide to preparing for them .?

?? Listen:?

Civic Data director Chris Brinkworth joined Anthony and Kris to dive deep into privacy law, following that Australia Privacy Act announcement. They cover the challenges of third-party data, the “fair and reasonable” test, and why companies responding to privacy law must focus on “privacy by design.”???

Then, SolCyber CEO Scott McCrady discussed the intersection of cybersecurity and data governance. This episode goes deep into how businesses struggle to prioritize security and privacy measures, the wider shift from perimeter-based security, to identity-based security, and the future of cybersecurity and AI.