The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
LAG Düsseldorf: Hintergrund-Recherchen über Bewerber als Teil des üblichen Bewerbungsprozesses? Wie es in dem Zusammenhang zu einem Schadensersatzanspruch kommen kann. Ein Arbeitgeber muss einem Bewerber 1.000 EUR als...more
Private Nutzung von Internet und E-Mail am Arbeitsplatz: Endlich mehr Sicherheit für Arbeitgeber? Nach bisheriger Auffassung der deutschen Datenschutzbehörden ist der Arbeitgeber bei gestatteter Privatnutzung von...more
Italy plays a prominent role in EU AI Act negotiations and engages in political discussions for future laws. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, there are no specific laws,...more
Germany evaluates AI-specific legislation needs and actively engages in international initiatives. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, with the exception of minor references to AI...more
In September 2023, Delaware became the seventh state in 2023 to enact comprehensive privacy law with the Delaware Personal Data Privacy Act (DPDPA), joining Indiana, Iowa, Montana, Oregon, Tennessee and Texas. The DPDPA will...more
Warum ist das relevant? Bei Verstößen gegen das Datenschutzrecht drohen Unternehmen insbesondere zwei Konsequenzen: Maßnahmen der Datenschutzaufsichtsbehörden inkl. möglicher DSGVO-Geldbußen nach Art. 83 DSGVO sowie...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
Die europäischen Datenschutzbehörden haben eine koordinierte Prüfaktion mit Fokus auf das Auskunftsrecht gem. Art. 15 DSGVO gestartet. Dabei handelt es sich um eines der in der Praxis bedeutsamsten Datenschutzrechte, gerade...more
The opinion was issued in response to a request by the French Data Protection Authority and provides guidance on the conditions for determining a controller's main establishment where that controller has establishments in...more
Warum ist das relevant? Die bisherige deutsche Rechtslage ging davon aus, dass die bloße Feststellung eines Datenschutzverstoßes durch ein Unternehmen für die Verhängung einer Geldbuße nicht ausreichend war. Vielmehr musste...more
On 19 September 2023, the UK Parliament passed the Online Safety Bill (“OSB”). The OSB aims to protect individuals from illegal online content and focuses on the protection of children by requiring the removal of content that...more
As of July 17, 2023, U.S.-based multinational employers that can access the personal data of their workforce members in the European Union (EU) via a human resources information system (HRIS), or otherwise transfer the...more
At the end of June, the European Data Protection Board (EDPB) published its Recommendations (Recs) on Binding Corporate Rules (BCRs). Among other things, the Recs require existing and in process BCRs to: - Incorporate...more
Most Financial Services Institutions (FSIs) have digital technology at their core. And a primary responsibility for most FSIs is “cyber-connect” customers – be they organizations or individuals – with their money simply and...more
In the last few months alone, dozens of reported data breaches have already occurred. From Twitter’s breach that leaked millions of user accounts to ChatGPT’s breach that exposed subscriber payment information, it can...more
The International Association of Privacy Professionals held its annual Global Privacy Summit on April 4-5 in Washington, D.C. Here are some things we learned. 1. Generative Artificial Intelligence (“AI”) is Ubiquitous in the...more
On 8 March 2023, the newly-created Department for Science, Innovation and Technology (“DSIT”) introduced the UK government’s updated proposals for data protection reform in the shape of the Data Protection and Digital...more
Data Privacy Week was an opportune time to consider the important issue of how we as a society determine when privacy takes precedence in conflicts between data access and data privacy. A recent such example was the November...more
On 16 November 2022, EU Regulation 2022/2065, better known as the Digital Services Act (“DSA”), came into force. The DSA is a key development in the use of online services in the European Union (“EU”), with an impact on...more
The EU’s General Data Protection Regulation (GDPR) regulates the transfer of personal data in the European Union. For many multinational employers, Standard Contractual Clauses (SCCs) offer the only practical means of...more
Data protection regulation and it’s enforcement is increasingly in the headlines. The widescale and growing reliance on technology has put greater pressure on lawmakers worldwide to ensure the necessary legal framework is put...more
Following a public consultation on an initial version released last January, the European Data Protection Board (“EDPB”) last month adopted a final version of its Guidelines on Examples regarding Personal Data Breach...more
It’s no secret that compliance is a huge part of a corporate lawyer’s job. Whether it’s internal or external compliance, there’s a lot that needs to be done to keep a business operating smoothly and on the right side of the...more
Companies not established in the UK who process the personal data of UK-based individuals are required to appoint a representative in the UK pursuant to Article 27 of the UK GDPR. This requirement may become less practical...more
EDPB Issues Draft Guidance on International Data Transfers - On November 18, 2021, the European Data Protection Board (“EDPB”) published draft guidance on the interaction between the GDPR’s transfer provisions set out in...more