When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
For American companies doing business in Europe and European businesses relying on U.S. vendors and service providers, 2023 may be the year when Europe and the United States finally come together to implement a viable and...more
Employers often want to have a data retention policy that works for all of their international operations. We look at the challenges with this approach and how to make it work in practice....more
New Set of SCCs for Data Transfers to Third Countries On June 4, 2021, the European Commission (EC) published its long awaited new set of Standard Contractual Clauses (New SCCs). This new data transfer mechanism allows for...more
The European Data Protection Board and European Data Protection Supervisor have published a joint opinion on the data protection aspects of the European Union's proposals for a Digital Green Certificate, a form of COVID-19...more
The United Kingdom’s Information Commissioner’s Office (ICO) finalized a new Code of Practice (the Code) in September 2020, which applies to most companies that offer online services to or otherwise collect personal data from...more
Article 45 of the GDPR allows the transfer of personal data from the EU to a third country when the third country ensures an “adequate level of protection” (adequacy decision). In determining “adequacy,” the GDPR provides...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
More than 60 U.S. and global data protection authorities and governmental agencies have issued guidance on health data collection, COVID-19 diagnosis disclosure, work-at-home practices, and return-to-work approaches. The...more
Global organizations need a clear, legal means to share data across borders, whether to conduct day-to-day business, comply with government regulations, perform under a contract, respond to lawsuits, or simply communicate and...more
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
The Data Protection Supervisory Authority for the state of Berlin (Die Berliner Beauftragte für Datenschutz und Informationsfreiheit, “Supervisory Authority”) recently issued a fine for GDPR violations against Germany’s...more
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
What can organizations learn from the first year of enforcement of the European Union’s General Data Protection Regulation (GDPR)? Quite a bit, if you pay attention to what the EU government regulators are doing....more
The GDPR is wrapping up its first year and moving full steam ahead. This principles-based regulation has had a global impact on organizations as well as individuals. While there continue to be many questions about its...more
The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR....more
At the beginning of this month, more than 4,000 privacy professionals from around the globe gathered in Washington, D.C. for the International Association of Privacy Professionals’ Global Privacy Summit 2019....more
Why does this topic matter to organisations? EU data protection law provides data subjects with a wide array of rights that can be enforced against organisations that process personal data. These rights may limit the...more
As we previously reported the EU and Japan reached a tentative deal last summer to ease data transfer restrictions between them. That deal has now been approved by both the European Commission and by Japan and is effective...more
It has been six months since the European Union’s General Data Protection Regulation (GDPR) took effect on May 25, 2018, but the law is still in the early implementation stage. As discussed in a previous blog post, the GDPR...more
Background - On 17 July 2018, the European Union (the “EU”) and Japan reached an agreement to recognize each other’s data protections systems as “equivalent”, and each commits to complete internal procedures by fall 2018 (the...more
If you have ever made an online purchase, chances are that you have received at least one email in the last month notifying you that a company’s privacy policy has changed. ...more
A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together. To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we...more
In May 2018, the General Data Protection Regulation (GDPR) entered into effect in EU member states, replacing a longstanding and less rigorous data and e-privacy directive. ...more