Privacy Compliance & Data Security

Information on Data Breach Prevention and the Appropriate Response

Latest from Privacy Compliance & Data Security

How Will CCPA Affect California Employers?

By Odia Kagan on August 22, 2019

With AB25, the pending amendment that attempts to carve out information of California employees from the scope of the California Consumer Privacy Act (CCPA), are employers of California-based employees completely off the hook? In short – no! Fox Rothschild’s Nancy Yaffe takes a deeper dive in this post to our California Employment Law blog. Read the full post.…

Privacy Compliance & Data Security

What Does it Mean to De-identify Information Under CCPA?

By Odia Kagan on August 22, 2019

Information that is de-identified is no longer personal information under the California Consumer Privacy Act. But what does “de-identified” really mean and does existing guidance under the European Union’s General Data Protection Regulation (GDPR) offer any insight? Take a deeper dive in this article: Read the full article. …

Privacy Compliance & Data Security

FTC Reaches Settlement With Company Over Privacy Shield Misrepresentations

By Fox Rothschild LLP on August 21, 2019

The Federal Trade Commission has approved a final consent order settling charges that a background screening company falsely claimed to be in compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. SecurTest, Inc. agreed in June to settle FTC charges that its website falsely claimed that it participated in the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. The FTC alleged that while SecurTest initiated a Privacy Shield application in September 2017 with the U.S. Department of…

Privacy Compliance & Data Security

Ireland, Poland Offer Guidance on Data Breach Response Under GDPR

By Odia Kagan on August 19, 2019

The Irish Data Protection Commission and Polish Data Protection Authority have issued guidance on data breach notification under GDPR in which they address the following questions, and more: When do you “become aware” of a data breach? What should a data breach notification include? How do you communicate a data breach notification? The guidance offers plenty of actionable advice. Read my detailed analysis.…

Privacy Compliance & Data Security

How to Count to 30: UK ICO Sets Timeline for Responding to Data Subject Requests

By Odia Kagan on August 19, 2019

Following a decision from the Court of Justice of the EU, the UK Information Commissioner’s Office changed its guidance on how to calculate the GDPR 30-day time limit for data subject requests. Per the ICO: “You should calculate the time limit from the day you receive the request (whether it is a working day or not) until the corresponding calendar date in the next month. Example An organisation receives a request on 3 September. The…

Privacy Compliance & Data Security

Researchers: Most Cookie Consent Notices Are Not GDPR Compliant

By Odia Kagan on August 19, 2019

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law – researchers at the University of Michigan have found.” “If given a choice, just 0.1 percent of site visitors would freely choose to enable all cookie categories/vendors — i.e. when not being forced to do so by a lack of choice or via nudging with manipulative dark patterns (such…

Privacy Compliance & Data Security

Legislation Would Give Consumers Ability to File Lawsuits Against Major Credit Reporting Agencies Over Data Breaches

By Odia Kagan on August 16, 2019

Rep. Katie Porter (D-Calif.) is preparing to take on the largest credit reporting bureaus with a data security proposal that would give consumers the right to sue after data breaches. Porter’s bill would amend the Fair Credit Reporting Act (FCRA) to include a reasonable data security standard for credit reporting agencies… as well as other entities subject to the law. Establishing that requirement would give consumers the ability to sue using the FCRA’s existing private…

Privacy Compliance & Data Security

US Senators Raise Concerns About EdTech Data Privacy

By Odia Kagan on August 16, 2019

“U.S. Senators Dick Durbin (D-IL), Ed Markey (D-MA), and Richard Blumenthal (D-CT) today sent letters to numerous education technology (EdTech) companies inquiring about data collection practices on American students. The Senators raised concerns that the learning tools used by these companies could pose a serious risk to students, parents, and educational institutions as a result of the potential for massive amounts of personal information to be stolen, collected, or sold without their permission or knowledge.…

Privacy Compliance & Data Security

Verifying Consumer Data Requests Under CCPA May Pose Business Risk

By Odia Kagan on August 14, 2019

“Companies need to be vigilant as they set up their consumer response processes. This ‘verified consumer’ part is no small thing. It requires a robust commitment to accurately sourcing your verification data, skill in identifying dubious requests, and some healthy skepticism wouldn’t hurt. The emphasis now is to bend over backward to help consumers to invoke their new rights, but if this is not done well, consumers will ultimately be hurt by fraudsters tampering with…

Privacy Compliance & Data Security

Draft GDPR Code of Conduct for Data Processors Has Broader Applications

By Odia Kagan on August 13, 2019

Meant for small and medium enterprises, a draft GDPR code of conduct for Data Processors has been submitted for approval in the Netherlands. It contains detailed requirements for data processor compliance including: Documented data protection plan Information security management system based on a recognized standard At least annual evaluation of your privacy and information security framework Store client data separately from other clients Render data inaccessible within no more than three months after client agreement…

Privacy Compliance & Data Security

Information on Data Breach Prevention and the Appropriate Response

Blog Authors

How Will CCPA Affect California Employers?

What Does it Mean to De-identify Information Under CCPA?

FTC Reaches Settlement With Company Over Privacy Shield Misrepresentations

Ireland, Poland Offer Guidance on Data Breach Response Under GDPR

How to Count to 30: UK ICO Sets Timeline for Responding to Data Subject Requests

Researchers: Most Cookie Consent Notices Are Not GDPR Compliant

Legislation Would Give Consumers Ability to File Lawsuits Against Major Credit Reporting Agencies Over Data Breaches

US Senators Raise Concerns About EdTech Data Privacy

Verifying Consumer Data Requests Under CCPA May Pose Business Risk

Draft GDPR Code of Conduct for Data Processors Has Broader Applications

Company

Support

New to the Network