Click here to listen to the audio.

What do Ecuador, San Diego, the FBI and Bayfront HMA medical Center have in common? They’re all in data privacy news this first week of fall 2019.

Ecuador disclosed a data breach affecting more than 20 million people, more than its entire population. The breach exposed data held on an unsecured server operated by an Ecuadorian analytics firm. National identity, tax and employment information was hacked and is presumably now available on the dark web for sale. Ecuador will expedite passage of cybersecurity and data privacy legislation, a wave cresting throughout Latin America.

U.S. Health and Human Services settled with Bayfront HMA Medical for a fine of $85,000 and a corrective action plan. This arose from a mother’s complaint that she was not provided timely access to records about her unborn.

The FBI disclosed that it uses subpoenas without a judge’s review and approval to seek documents from a broad spectrum of companies. It justifies secret subpoenas when it has specific facts indicating that a target is an agent of a foreign power and the information sought is relevant to an investigation into terrorism, counterintelligence or a data leak. The subpoenas typically include what amounts to a gag order.

Big tech is addressing the interface between data collection and misuse by third parties. Tech companies are suspending or restricting apps that could result in scandals like Cambridge Analytica. Facebook has suspended tens of thousands of apps for reasons ranging from improper collection of posted information and failure to respond to its inquiries.

The battle between local government data collection and privacy rages in San Diego, where a coalition called for the City to stop using its “smart streetlight” program. The City collects data about pedestrian and vehicle movement and counts, parking and other matters for planning purposes. Coalition members demand that the public be informed about what’s being collected and involved in restricting use of such data.

Marketing and ad companies - take note of the Interactive Advertising Bureau’s Proposal for Enhanced Accountability. This outlines industry technical solutions and best practices, including moving away from cookies to a single standardized identifier to track consumer behavior.

Facebook lost most of round one in a California court involving Cambridge Analytica claims, allowing a class action to move beyond a motion to dismiss despite Facebook’s argument that no tangible harm was shown about information shared on social media. At the dismissal stage a plaintiff’s allegations are generally assumed to be true for pleading purposes, but the District Court judge remarked that Facebook’s views about data privacy were “so wrong,” a strong term at initial stages. The battle moves to round two.