Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Blog Authors

Latest from Data Privacy Monitor

Are you an app publisher or do you advertise via mobile apps or obtain marketing data that originates from them?  If so, you need to beware that regulators and consumer protection authorities are taking action against companies with regard to the notice and choice, or lack thereof, they are providing to consumers for the collection of their precise location data on mobile devices. The Digital Advertising Alliance (DAA) recently held a presentation (DAA Presentation
On March 6, SB 5376, the Washington Privacy Act, passed the Washington Senate in an overwhelming 46-1 vote (with two members excused). Prior to its passage, the Senate adopted important revisions and clarifications that would provide important relief for businesses from some of the more onerous provisions of the legislation. As we reported in our blog post discussing the recently introduced legislation, the Washington Privacy Act anticipates that businesses will accord consumers certain GDPR-style rights…
In the absence of cookies-related guidance and enforcement by regulators against ordinary website publishers and operators, many e-commerce sites, online publishers and other website operators have taken a “wait and see” approach with respect to implementing GDPR-compliant cookies consent procedures. Recent cookies-related regulatory guidance, however, from the Dutch data protection authority, Autoriteit Persoonsgegevens (“Dutch DPA”), and the Bavarian data protection authority, Bayerisches Landesamt für Datenschutzaufsicht (“BayLDA”) sends a clear signal that companies should be taking…
The Federal Trade Commission announced the creation of a new task force that is dedicated to monitoring competition in the U.S. technology industry. This Technology Task Force will coordinate and consult with 17 staff attorneys throughout the FTC who have experience in complex product and service markets, including the markets for online advertising, social networking, mobile operating systems and apps, and platform businesses. In addition to examining industry practices and conducting law enforcement investigations, these…
CrowdStrike, FireEye and IBM Security recently released their annual threat reports. These reports contain a wealth of information on recent trends in cybersecurity attacks and recommendations on the preventive measures companies can take to protect themselves. As attackers’ tactics, techniques and procedures continue to evolve, and as the attack surface of organizations continues to grow, it is increasingly important that companies stay up to date on these matters.…
Over the past few weeks, California Republican lawmakers have introduced a new package of legislation called “Your Data, Your Way,” which would expand and strengthen consumer privacy rights beyond what is required by the new California Consumer Privacy Act (CCPA). The “Your Data, Your Way” package is comprised of bills that would impose new obligations on businesses, including providing consumers greater control over the use of their data, limiting companies’ storage and use of certain…
The California attorney general (AG) has kicked of it process of promulgating regulations to interpret and implement California’s sweeping new privacy law. After a series of public hearings across the state, which we covered here and here, the AG closed the initial public comment period on March 8. Our clients have mostly sought to convey their comments through their respective trade organizations.  About a dozen of our clients asked us to supplement those efforts…
March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers[1] (e.g., vendors, suppliers, agents). To comply with the regulation, banks, insurance companies, and other financial institutions and individuals who are, or should be, licensed with NYDFS (Covered Entities) were required to address substantial data security compliance requirements over the past two…
Cybersecurity threats continued to plague the healthcare sector in 2018. Healthcare organizations notified twice as many individuals under HIPAA and other notification statutes in 2018 as compared with 2017. According to a new report from Malwarebytes Labs, 2019 State of Malware Report, trojan malware was the greatest threat to the healthcare sector in 2018.[1] Specifically, trojans Emotet and Trickbot, originally used in banking incidents, were labeled the most common malware strains, while hijackers, rootkits…
It is the 25th anniversary of the federal Children’s Online Privacy Protection Act (COPPA), which has served us well, but states are looking to expand privacy protection for minors. Several years ago California expanded its Online Privacy Protection Act to give minors the right to remove content they have posted on social media and certain other websites and to limit advertising of age-restricted products to them. Now Connecticut proposes to do the same with GA