Privacy Compliance & Data Security

Information on Data Breach Prevention and the Appropriate Response

Privacy compliance as a competitive differentiator: 97% of 3,200 companies surveyed say they are receiving auxiliary benefits today from their data privacy investments, beyond just meeting compliance requirements. Benefits cited include: greater agility and innovation competitive advantage versus competition operational efficiency investor appeal less costly data breaches for companies that had undergone GDPR compliance work, breaches are said to have included fewer records, be shorter in duration and led to smaller financial impact fewer sales…
Will the California Consumer Privacy Act serve as a blueprint for a federal privacy law or for a patchwork quilt of state privacy laws? As states have been commencing legislative proceedings and as proposals for a federal privacy law are being formulated, the following seem to be principles that most agree should be included in a privacy law in the U.S.: Banning some practices, including using data to discriminate against users. Giving people the right…
New Jersey follows in California’s footsteps with legislative initiatives on privacy. The main proposed law (bill A-4902), will require commercial websites and online service operators to give customers: a description of the personal information collected a way to prevent the disclosure of personal information to third parties a description of the information an email address or phone number for requesting information upon request from an individual, information on all disclosures of his data within the…
If you de-identify end user data, this may be a use compatible with the original purpose for which the data was provided and not require seeking consent from the individual. So, that’s between you and the end user. What about in b2b contracts? Here, the question of using or commercializing data, even if anonymized, often becomes a point of discussion and negotiation. Details from the International Association of Privacy Professionals.…
The EU General Data Protection Regulation (GDPR) did NOT make all processing of personal data unlawful, though it seems than many think this, says Michael Kaiser, data protection officer at the Hesse Data Protection Authority in Germany. Per Kaiser, said the DPA has been inundated with complaints and breach notifications — up 1,200 percent since the GDPR went into effect. The Irish Data Protection Commissioner has a similar experience. The DPC had 2,795 breach reports…
Data monetization coming to California? “In his first state of the state address on Tuesday, California Gov. Gavin Newsom proposed “a new data dividend” that could allow residents to get paid for providing access to their data” – reports CNBC. “California’s consumers should also be able to share in the wealth that is created from their data,” Newsom said. Tech companies that “make billions of dollars collecting, curating and monetizing our personal data have a…
The Romanian Presidency of the Council of the EU has proposed a compromise on issues that are in the way of the EU e-Privacy Regulation. Highlights: A user’s consent to cookies should NOT be required for technical storage or access necessary and proportionate for the legitimate use of a service requested by the user. This may include: session cookies for tracking input when filling online form authentication session cookies cookies remembering items selected in shopping…
Data privacy bills are pending in at least eight states, reports Sara Merken at Bloomberg Law. State lawmakers are aiming to give citizens more control over their personal data. Some of the bills largely follow the lead of California, whose Consumer Privacy Act takes effect Jan. 1, 2020. Others are more narrowly focused on specific business practices. Some highlights: In North Dakota – a bill would require companies to provide to consumers, upon request, information…
China is in the early stages of setting up a data protection regulatory framework with rules for consent; personal data collection, use and sharing; and user-requested deletion of data. The intention is to build a Chinese data protection regime that is uniquely suited to China: one that builds consumer trust in a thriving digital economy but does not undermine the government’s ability to maintain control. Consequently, Chinese companies are increasingly finding that the days of…
Data rights > data ownership? That’s the position taken by Privacy International in its response to the recent editorial by artist wil.i.am in The Economist which called for tech giants to pay individuals for their data: Data rights offer a system of control and protection that is much more comprehensive than ownership, and these rights continue to exist even after you share your data with others. They apply to data that others collect about you…