The current COVID-19 pandemic raises some significant issues and risks relating to cybersecurity and data privacy in the US that should be considered carefully and addressed appropriately. Concerns range from cybercriminals targeting a newly-remote workforce with clever phishing scams that prey on the environment of uncertainty, to worries that the crisis will give cover to expanded and potentially problematic uses of technologies such as geolocation and facial recognition. Many businesses are unsure of whether and…

On Thursday, 26 March 2020, we will host a webinar – COVID-19 and EU Data Protection: Advice for Businesses Operating in the EU.  …

On February 10, 2020, the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) initiated its first public consultation procedure on the anonymization of personal data, with a particular focus on providers of electronic communication services.  As the European Commission Communication in A European Strategy for Data recognized, anonymized data may be used for many purposes and bring enormous benefits to citizens, for example, by improving mobility and road safety.…

The ICO has updated its own blog with more helpful information, this time for individuals who may be worried about the increased processing of their own personal data and sensitive information, in light of the ongoing COVID-19 crisis. Of interest to businesses and employers, is the recognition that whilst employees might think requests for information about their health and recent travel are excessive, as we have previously reported employers and organisations do have legal obligations…

On March 6, 2020, the CNIL published recommendations on the collection of personal data in the context of COVID-19. Health data is particularly protected within the framework of a series of regulations (notably GDPR, French Data Protection Act and French Public Health Code). Restrictions The CNIL insists that employers cannot take measures likely to impair the privacy of the data subjects, in particular, by collecting health data that would go beyond the management of suspected…

Virgin Media is reportedly one of the latest UK companies to suffer a data security breach. On 5 March 2020, it published a statement on its website explaining that one of its databases had been accessed without Virgin Media’s authorisation, due to a configuration issue. It is reported that the database had been left unsecured since April 2019 and that it contained information about (approximately) 900,000 existing and potential customers. Virgin Media states that the…

On March 11, 2020, the California Attorney General (“AG”) published a second round of modifications to the proposed regulations under the California Consumer Privacy Act of 2018 (“CCPA”). The AG initially published the proposed regulations in October 2019 and then published modifications to such proposed regulations in February 2020. The deadline for submitting comments on this draft of modifications to the proposed CCPA regulations is Friday, March 27, 2020, at 5:00 p.m. PDT. The March…