Data Privacy Dish

Updates on the Evolving Data Protection Landscape

Blog Authors

AB C DEF G HIJK L M N OPQR S TUVWXYZ

Latest from Data Privacy Dish

Data Privacy Dish

Thinking beyond the law: What is the ISO 27701 privacy framework?

By David A. Zetoony

June 11, 2021

ISO - International Organization Standardization

In 2019, the International Organization for Standards joint technical committee ISO/IEC JTC1, Information technology subcommittee SC27, developed a privacy framework that was intended to build off of the existing ISO data security standards – i.e., ISO/IEC 27001:2013 (Information security management systems) and ISO/IEC 27002:2013 (Code of practice for information security controls) – by integrating into those existing security standards data privacy-related concepts. Among other things, the ISO 27701 privacy framework integrated many controls that were…

Data Privacy Dish

David Zetoony Quoted in IAPP Article, ‘Colorado Privacy Act passes, professionals ponder effects’

By Greenberg Traurig, LLP

June 9, 2021

Greenberg Traurig Shareholder and Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice David Zetoony is quoted in a June 9 IAPP article titled “Colorado Privacy Act passes, professionals ponder effects.” Click here to read the full article.…

Data Privacy Dish

EU Decision on Cross-Border SCC of June 4, 2021

By Dr. Viola Bensinger, Carsten A. Kociok & Gretchen A. Ramos

June 9, 2021

On 04 June 2021, the EU Commission adopted two new sets of standard contractual clauses (SCC): one set for the transfer of personal data from the EU to third countries (Cross-Border SCC) and another set addressing certain clauses in controller-processor data processing agreements (DPA-SCC). The adoption was made some seven months after initial drafts of both SCC had been published by the EU Commission for public consultation (see GT blog post from 18 November 2020…

Data Privacy Dish

What is considered sensitive personal information?

By David A. Zetoony

June 9, 2021

Protect cloud information data concept. Security and safety of cloud data.

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not expressly reference “sensitive” categories of personal information, but they functionally impart additional protections on certain categories of personal information. As…

Data Privacy Dish

Does the NIST privacy framework require that companies score themselves?

By David A. Zetoony

June 7, 2021

No. The NIST privacy framework recommends that companies summarize their maturity with respect to each category by using four “Tiers.” The Tiers are intended to describe whether the current practices of the company with respect to the domain are partially in place (Tier 1), risk informed (Tier 2), repeatable (Tier 3), or adaptive (Tier 4). While the NIST privacy framework contemplates that a maturity assignment using the tiering system will help a company “communicate internally…

Data Privacy Dish

What is a profile in the context of the NIST privacy framework?

By David A. Zetoony

June 4, 2021

The NIST privacy framework refers to the term “current profile” to describe the current state of a company’s privacy program in relation to a specific Subcategory. So, for example, a company might include the following description in its current profile for the following subcategory: Subcategory Current Profile ID.IM-P1: Systems/products/services that process data are inventoried. The company maintains a data inventory policy which requires that a data inventory be conducted every 12 months that identifies each…

Data Privacy Dish

Website Accessibility: Issues Under the ADA, CCPA, and More

By Greenberg Traurig, LLP

June 3, 2021

On Thursday, June 10 from 12:00 – 1:00 p.m. MDT (2:00 – 3:00 p.m. EDT), Greenberg Traurig attorney Tyler Thompson will lead a discussion focusing on website accessibility requirements and compliance options, the intersection of the Americans with Disabilities Act (ADA) and the California Consumer Privacy Act (CCPA), new issues with overlays and plugins, the Unruh Civil Rights Act, and other key digital accessibility issues. 2021 is on pace to be the hottest year on…

Data Privacy Dish

WestLawLegal Webinar | Tracking Technologies: An Update on the Current State of Law in the U.S. and Europe on Cookies, Pixels, Scripts and Other Ecosystem Changes

By Greenberg Traurig, LLP

June 3, 2021

On Wednesday, June 9, David A. Zetoony, U.S. co-chair of Greenberg Traurig’s Data, Privacy & Cybersecurity Practice, will present the WestLawLegal webinar “Tracking Technologies: An Update on the Current State of Law in the U.S. and Europe on Cookies, Pixels, Scripts and Other Ecosystem Changes.” New laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the proposed ePrivacy Regulation,…

Data Privacy Dish

How many core subcategories are included in the NIST privacy framework?

By David A. Zetoony

June 3, 2021

The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory. Subcategory is the most granular, and tangible, aspect of the core. In total, the NIST privacy framework proposes 100 Subcategories. It should be noted, however, that the Subcategories included within the NIST privacy framework are not intended to be exhaustive, and companies may alter the…

Data Privacy Dish

How many core categories are included in the NIST privacy framework?

By David A. Zetoony

June 2, 2021

Modern building structure with curving steel — Modern building with curving roof and glass steel column.

The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory. Categories are intended to be subdivisions of the Functions, and groupings of the Subcategories. In total, the NIST privacy framework contains 18 Categories.…

Data Privacy Dish

Updates on the Evolving Data Protection Landscape

Blog Authors

Thinking beyond the law: What is the ISO 27701 privacy framework?

David Zetoony Quoted in IAPP Article, ‘Colorado Privacy Act passes, professionals ponder effects’

EU Decision on Cross-Border SCC of June 4, 2021

What is considered sensitive personal information?

Does the NIST privacy framework require that companies score themselves?

What is a profile in the context of the NIST privacy framework?

Website Accessibility: Issues Under the ADA, CCPA, and More

WestLawLegal Webinar | Tracking Technologies: An Update on the Current State of Law in the U.S. and Europe on Cookies, Pixels, Scripts and Other Ecosystem Changes

How many core subcategories are included in the NIST privacy framework?

How many core categories are included in the NIST privacy framework?

Stay Connected

Company

Products

Support

New to the Network