We are now in the 10-day countdown to the GDPR enforcement date that we’ve been talking about since 2015. If you are a charter member of Procrastinators Anonymous, or just secretly hoped that this would all go away, the sands...more
5/16/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Vendor Contacts
“Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks to the European Union’s General Data Protection Regulation (“GDPR”) (50 days and counting…) and its codification of...more
4/5/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
We’ve discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog’s inception. “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks...more
2/21/2018
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
During 2016, amendments to breach notification laws in five states went into effect (California, Nebraska, Oregon, Rhode Island and Tennessee). And by the end of last year, well over twenty states had introduced or were...more
What does your TV-watching history say about you? According to a recent lawsuit against VIZIO, Inc., it might be more than you think! One of the world’s largest sellers of “smart” televisions has recently paid a $2.2 million...more
2/14/2017
/ Data Collection ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
Personal Data ,
Prior Express Consent ,
Privacy Concerns ,
Smart Devices ,
Technology ,
Technology Sector ,
Television Programming ,
Tracking Systems ,
VIZIO
The term “cloud computing,” — a process by which remote computers are used to store, manage and process data — is no longer an unfamiliar term. According to at least one estimate, “approximately 90 percent of businesses...more
I. Introduction: Privacy Shield to Go Live August 1 (at Last) -
The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more
7/25/2016
/ Consent ,
Data Protection Authority ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Notice Requirements ,
Personal Data ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
According to the FBI, “there are only two types of companies: those that have been hacked and those that will be.” It does not take an actual data breach, however, for a company to be liable for its data security practices. ...more
7/20/2016
/ Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Security ,
Dwolla ,
FinTech ,
FTC v Wyndham ,
Hackers ,
Personal Data ,
Privacy Laws
Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more
6/15/2016
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Encryption ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Personal Data ,
Personal Information Protection Act ,
Personally Identifiable Information ,
Phishing Scams ,
PIPA ,
Safe Harbors ,
State Data Breach Notification Statutes
Among the major headlines dominating not only the recent news cycle, but also this week’s RSA Conference in San Francisco, has been Apple’s challenge to the federal government’s request that Apple assist in unlocking the...more
3/3/2016
/ All Writs Act ,
Apple ,
CALEA ,
Corporate Counsel ,
Criminal Investigations ,
Encryption ,
FBI ,
iPhone ,
Personal Data ,
Right to Privacy ,
Search Warrant ,
Young Lawyers
And the days dwindle down, to a precious few … November …
We are still following developments in the EU relating to the invalidation of the US-EU Safe Harbor Framework. ...more
As all of our readers know by now, as of October 6, the US-EU Safe Harbor Framework is no more. Safe Harbor was the mechanism on which thousands of US companies (and thousands of companies based in the European Union)...more
10/22/2015
/ Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Israel ,
Model Contracts ,
Personal Data ,
SCC ,
Schrems I & Schrems II ,
Switzerland ,
US-EU Safe Harbor Framework
On October 20, 2015, the Irish High Court ordered the Irish Data Protection Commissioner (DPC) to investigate Facebook’s European data privacy practices, bringing Max Schrems’ three-year fight full circle. The Court quashed...more
10/21/2015
/ Article 29 Working Party (WP29) ,
Data Privacy ,
Data Protection Authority ,
Data Protection Commissioner ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
International Data Transfers ,
Ireland ,
Legal Costs ,
Motions to Quash ,
Personal Data ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
The so-called “Article 29 Working Party” of EU Data protection officials from the 28 EU member states today released a much-anticipated press release regarding the Court of Justice of the European Union (CJEU) landmark...more
10/19/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Model Contracts ,
Personal Data ,
SCC ,
US-EU Safe Harbor Framework