The Federal Trade Commission (FTC) has a long-standing habit of creating legal obligations through blog posts. Recent communications from the FTC by way of its Office of Technology Blog evidence an aggressive expectation...more
What does the United Kingdom's Information Commissioner's Office's draft guidance say about governance and anonymization? Why is it important for GDPR and for the host of new US Privacy laws, including CPRA, CDPA and CPA? ...more
Given the significant risk of harm to individuals stemming from data re-identification, it is imperative that the SJC account for data identifiability in determining which information in court records will be made accessible...more
In some cases yes, and in other cases no. The CCPA defines “personal information” as information that, among other things, “is capable of being associated with” a particular consumer....more
Maybe. “Salting” refers to the insertion of a random value (e.g., a number or a letter) into personal data before that data is hashed. Whether personal information that has undergone salting and hashing is still...more
Maybe. Hashing refers to the process of using an algorithm to transform data of any size into a unique fixed sized output (e.g., combination of numbers). ...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more