Archives: Privacy and Data Security

Subscribe to Privacy and Data Security RSS Feed

California Consumer Privacy Act of 2018: Will You Be Ready?

Effective January 1, 2020, a new game-changing privacy law will go into effect in California:  the California Consumer Privacy Act of 2018 (CCPA). The law will have profound implications for companies that collect personal information, as that term is broadly defined, about California consumers, even if the Company is not based in California. For many … Continue Reading

Where Next for Outsourcing?

As we look around in the mid part of 2018, the outsourcing industry is in something of a state of flux. There are certainly plenty of challenges. In the UK at least (and particularly vis-à-vis the public sector), a harsh spotlight is being shone on outsourcing. Similarly, the wider global movement towards protectionism and national … Continue Reading

EU & JAPAN: Free flow of personal data from EU to Japan soon possible

On 17 July 2018 the European Union and Japan agreed to recognize each other’s data protection systems as ‘equivalent’ and to adopt reciprocal adequacy decisions. What is an adequacy decision? An adequacy decision is a decision establishing that a third country provides a comparable level of protection of personal data to that in the European … Continue Reading

New guidelines on the application and setting of fines under GDPR

Written by Petr Šebatka and Jan Metelka Less than 6 months remain for individuals and companies to get ready for the breakthrough regulation in personal data protection envisaged by the Regulation 2016/679 of 27 April 2016[1] (furthermore as “GDPR“).  Since the final version of this Regulation, experts have tried to clarify some remaining “grey” areas … Continue Reading

UK: Commitment to introduce new Data Protection Bill in line with GDPR principles

Yesterday the UK Government set out its legislative programme for the next Parliamentary term, through the Queen’s Speech. Whilst Brexit will dominate the legislative agenda, data protection received special mention with a commitment to introduce a new Data Protection Bill. The Bill will reiterate the UK’s commitment to implementation of the principles of privacy enshrined … Continue Reading

FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business

Written by Michelle Anderson and Samantha Glazer In a June 21, 2017 blog post, the FTC announced updates to its Six-Step Compliance Plan for Your Business under the Children’s Online Privacy Protection Act (COPPA). The revisions make clear that the FTC considers new business models (e.g., voice-activated devices) and products (e.g., connected toys) to be … Continue Reading

AUSTRALIA: Increased focus on global privacy and data protection for Australian organizations

By GSC Marketing Authors: Sinead Lynch and Jessica Noakesmith Regulators around the world are, and will be, taking a much closer look at rules on the protection of individual personal data and the security of their citizen’s information. The onslaught of the new and arduous General Data Protection Regulation (GDPR) regime in Europe, the recent … Continue Reading

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only … Continue Reading

Congress Rolls Back FCC Broadband Privacy Rules: What Does It Mean?

Written by Sydney White and Jim Halpert This week the US House of Representatives passed a Congressional Review Act (CRA) resolution of disapproval of the US Federal Communications Commission (FCC) broadband privacy rules that were approved by the FCC in a straight partisan vote at the end of the Obama Administration, but have not yet … Continue Reading

New York AG Announces Record Year for Data Breaches in New York – and Updates Guidance on Reasonable Security Measures

Written by Michelle Anderson and Anne Kierig New York Attorney General Eric Schneiderman announced that his office received a record number (1,300) of data breach notices in 2016. In the press release, Attorney General Schneiderman also provided a list of recommendations for how organizations can help protect sensitive personal data—a list that could be used … Continue Reading

FRANCE: The French Data Protection Authority (CNIL) Publishes 6-Step Methodology For Compliance With GDPR

Written by Carol Umhoefer and Caroline Chancé  On March 15, 2017, the CNIL published a 6-step methodology for companies that want to prepare for the changes that will apply as from May 25, 2018 under the EU the General Data Protection Regulation (“GDPR”). The abolishment under GDPR of registrations and filings with data protection authorities … Continue Reading

Commerce to Begin Accepting Swiss-US Privacy Shield Applications in a Month

As we noted in our January blog post Swiss-US Privacy Shield Adopted, Aligns with EU-US Privacy Shield, the Department of Commerce will begin accepting self-certifications to the Swiss-US Privacy Shield on April 12, 2017. In response to frequently asked questions, Commerce provides guidance on how to self-certify: Companies already certified under the EU-US Privacy Shield: … Continue Reading

Data protection laws and AI: What can we learn from the GDPR?

Written by Giangiacomo Olivi  Connected devices that exchange substantial volumes of data come with some obvious data protection concerns. Such concerns increase when dealing with artificial intelligence or other devices/robots that autonomously collect large amounts of information and learn though experience. Although there are not (yet) specific regulations on data protection and artificial intelligence (AI), … Continue Reading
LexBlog