Eye On Privacy

Timely Updates and Analysis on Privacy and Cybersecurity Issues

Blog Authors

A B C DEF G H IJKLM NOPQR STUVWXYZ

Dave Thomas

Liisa Thomas

Matthew Turetzky

Latest from Eye On Privacy

Eye On Privacy

New European Data Protection Board Guidance on Data Protection by Design and by Default

By Liisa Thomas, Kari Rollins & Elfin Noce

December 10, 2019

The European Data Protection Board recently requested comments on its data protection “by design and default” guidelines. Comments are due by mid-January of next year. The Guidelines provide clarity about how to address GDPR’s requirement that companies take “appropriate” technical and organizational steps to protect personal information and individuals. Part of the law’s requirements, according to the guidelines, is that companies can show that the measures they took are effective.…

Eye On Privacy

New Artificial Intelligence Law for Illinois Employers in January 2020

By Julia Kadish & Liisa Thomas

December 3, 2019

January 1, 2020, organizations that employ individuals based in Illinois will need to keep in mind the Artificial Intelligence Video Interview Act. This Act sets forth new requirements for video-recorded interviews using AI to analyze such recordings. The law is not limited to just Illinois residents. It applies to applicants for positions based in Illinois. While brief, and without any definitions, the Act requires three things before using AI technology in video interviews.…

Eye On Privacy

The Privacy Shield Survives Another EU Commission Review, For Now…

By Liisa Thomas, Rachel Tarko Hudson, Rebecca Mackin & Julia Kadish

November 22, 2019

The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to facilitate transfers of personal data from the EU to the US. It is reviewed annually by the EU Commission, as we have discussed in prior posts. That body did express concern with some parts of the program.…

Eye On Privacy

FTC and Software Company Reach Security Settlement Over Unfair Practices

By Julia Kadish & Liisa Thomas

November 20, 2019

The FTC recently settled with Infotrax Systems, L.C. a technology company providing software to the direct sales industry. The settlement followed a breach suffered by the company, and involved allegations the company had failed to use reasonable security. According to the FTC, for almost two years, a hacker accessed InfroTrax’s server unnoticed at least seventeen times. The data accessed included social security numbers and payment card information. It also included unencrypted user IDs and passwords.…

Eye On Privacy

CISA Releases “Cyber Essentials” to Assist Small Businesses

By Jonathan E. Meyer, Townsend Bourne & *Nikole Snyder

November 12, 2019

The Department of Homeland Security Cybersecurity & Infrastructure Security Agency recently released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber Essentials provide “a starting point to cyber readiness,” and are specifically aimed at small businesses and local government agencies that may have fewer resources to dedicate to cybersecurity. The guide suggests a holistic approach for managing cyber risks, and is broken down into six “Essential Elements of a Culture of…

Eye On Privacy

California Follows Vermont, Requires Data Broker Registration

By Liisa Thomas & Julia Kadish

October 14, 2019

Joining Vermont, California will now require data brokers to register with the California Attorney General. The law was signed October 11, 2019. It applies to companies that “knowingly” collect and sell personal information about consumers with whom they do not have a “direct relationship.” They must register with the AG by January 31, 2020.…

Eye On Privacy

Proposed CCPA Regs Released, Comments Due Dec. 6

By Craig Cardon, Liisa Thomas, Rachel Tarko Hudson, Kari Rollins, Brian Anderson & Julia Kadish

October 11, 2019

The California attorney general has released draft regulations for CCPA, giving companies further guidance on a variety of topics. The regulations are in draft, and comments are due to the attorney general’s office by December 6, 2019. The AGs office will also be holding a series of hearings across the state, on December 2 (Sacramento), 3 (Los Angeles), 4 (San Francisco), and 5 (Fresno). Among the many items that companies will be examining in more…

Eye On Privacy

A Single Text Message May Not Violate TCPA

By Shannon Petersen, Liisa Thomas, Lisa Yun & Elfin Noce

October 7, 2019

As we reported in our sister blog, “One ‘Chirp, Buzz, Or Blink’ Is Not Enough To Sue Under the TCPA”, a recent court decision makes it more difficult for plaintiffs to establish standing under the Telephone Consumer Protection Act. In its decision, the Eleventh Circuit ruled that a single text message from an attorney to his former client did not amount to sufficient harm to sue in federal court. The Court concluded that…

Eye On Privacy

Modifications Under CCPA To Receipt of Consumer Requests

By Liisa Thomas, Craig Cardon, Rachel Tarko Hudson & Rebecca Mackin

October 3, 2019

One of the CCPA amendments that has gone to the governor’s desk is AB 1564, which addresses the methods companies must make available to consumers to exercise their rights under CCPA. Businesses which operate exclusively online and have direct relationships with their consumers can (1) provide an email address for consumers to submit requests, and (2) if they have a website (which presumably all online businesses would!), have a method for consumers to submit requests…

Eye On Privacy

CNIL Issues Record-Keeping Guidance

By Liisa Thomas, Sylvie Rousseau & Rebecca Mackin

September 30, 2019

Under GDPR, companies are required to keep certain records of their processing activities. There has been some question about the types of records controllers should keep. To help clarify the questions arising from many companies, CNIL issued guidance recently about how to fulfill record keeping obligations. The guidance includes an RPA template for controllers, and outlines contents to include for both controllers and processors. This includes keeping track of why information was collected, the categories of…

Eye On Privacy

Timely Updates and Analysis on Privacy and Cybersecurity Issues

Blog Authors

New European Data Protection Board Guidance on Data Protection by Design and by Default

New Artificial Intelligence Law for Illinois Employers in January 2020

The Privacy Shield Survives Another EU Commission Review, For Now…

FTC and Software Company Reach Security Settlement Over Unfair Practices

CISA Releases “Cyber Essentials” to Assist Small Businesses

California Follows Vermont, Requires Data Broker Registration

Proposed CCPA Regs Released, Comments Due Dec. 6

A Single Text Message May Not Violate TCPA

Modifications Under CCPA To Receipt of Consumer Requests

CNIL Issues Record-Keeping Guidance

Stay Connected

Company

Support

New to the Network