Privacy Compliance & Data Security

Information on Data Breach Prevention and the Appropriate Response

If at first they don’t consent, try, try again? A new form of privacy fraud further complicates the relationship between the Ad Tech industry and GDPR. As Ad Tech vendors struggle to comply with the strict requirements of the EU General Data Protection Regulation (GDPR), especially around the acquisition of freely given, specific, informed and unambiguous user consent for the use of personal data – a new form of privacy fraud called “consent string fraud”…
The European Parliament Committee on Civil Liberties, Justice and Home Affairs has weighed in on blockchain with the following key points: If you want to use a blockchain structure to handle personal data you need to specifically design the blockchain platform to support data sovereignty. Personal data in the blockchain is generally not anonymous and GDPR obligations would apply; future blockchain applications should integrate mechanisms that ensure that data can be fully anonymous. You should…
Keep your passwords close…and complex, and encrypted and unique, and ever-changing. In the wake of recent data breaches involving passwords, the French data protection authority, the CNIL, has published guidelines for adequate passwords. Some highlights include: If you use a password as your sole method of authentication, it needs to be at least 12 characters consisting of uppercase letters, numbers and special characters. If you use additional measures of protection, the password may be less complex.…
Don’t store users’ passwords in cleartext. Really. It’s not a good idea. Also, it may be deemed a ‘knowing violation’ of the EU General Data Protection Regulation (GDPR) requirement to adequately protect personal data. That is one key takeaway from the GDPR enforcement action by the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg, Germany (LfDI), against social media company knuddels.de, after a data breach that impacted 800,000 knuddels.de users. Other takeaways from…
According to Rochelle Osei-Tutu, an International Trade Specialist at the U.S. Department of Commerce, over 4,000 companies have already registered for EU-US Privacy Shield and 2,600 for the Swiss-US Shield. Of them, 1,300 cover cross-border flows of HR data. Eighty percent of registered companies are small and medium-sized businesses, but many Fortune 500 companies are registered as well. It took 13 years under the now defunct Safe Harbor to reach these numbers, which have been…
Does the EU General Data Protection Regulation (GDPR) apply to me? The European Data Protection Board (EDPB) published for public comment its much-awaited guidelines on the extraterritorial effect of GDPR. Some highlights include: In some circumstances, the presence of one employee or agent of the non-EU entity may be sufficient to constitute a stable arrangement for the purpose of GDPR scope if that employee or agent acts with a sufficient degree of stability. A…
Enforcement actions under the EU General Data Protection Regulation (GDPR) are coming to a theater near you in 2019. At the IAPP Data Protection Congress, CNIL Director of Rights Protection and Sanctions Directorate Mathias Moulin warns that the time for the GDPR’s transition “is coming to an end,” and that it’s “time for action” and there will be “teeth.” The EDPB’s Andrea Jelinek and Irish Data Protection Commissioner, Helen Dixon, predict major GDPR-related fines will…
Fox Rothschild’s Minneapolis Privacy Summit on November 8 will explore key cybersecurity issues and compliance questions facing company decision-makers. This free event will feature an impressive array of panelists drawn from cybersecurity leaders in major industries, experienced regulatory and compliance professionals and the Chief Division Counsel of the Minneapolis Division of the FBI. Attendees receive complimentary breakfast and lunch, and can take advantage of networking opportunities and informative panel sessions: GDPR and the California Consumer…
The American Bar Association is holding its upcoming 2018 Business Law Section Annual Meeting at the Austin Convention Center in Austin, TX, from September 13 to 15. Fox partner Matt Kittay will moderate a panel entitled “Lawyer Ethical Issues in M&A Technology,” featuring Haley Altman of Doxly, Steve Obenski of Kira Systems, and James Walker of Richards Kibbe & Orbe. The group will discuss ethical issues facing lawyers who use both emerging and…
Jeffrey L. Widman writes: In 2008, the Illinois legislature enacted the Illinois Biometric Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) to provide standards of conduct for private entities in connection with the collection and possession of “biometric identifiers and information.” BIPA regulates the collection, use, safeguarding, handling, storage, retention and destruction of such biometric identifiers. Biometric identifiers include retina and iris scans, fingerprints, voiceprints, and scans of hands and faces. It does not include…