On July 10, 2023, the European Commission (EC) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF, or “Privacy Framework”), which establishes the Privacy Framework as an authorized mechanism...more
7/31/2023
/ Court of Justice of the European Union (CJEU) ,
Cross-Border Transactions ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Privacy Laws ,
Regulatory Agenda
The International Association of Privacy Professionals held its annual Global Privacy Summit on April 4-5 in Washington, D.C. Here are some things we learned.
1. Generative Artificial Intelligence (“AI”) is Ubiquitous in the...more
4/13/2023
/ Artificial Intelligence ,
Corporate Governance ,
CPOs ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
Internet ,
Machine Learning ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Web Scraping
When it comes to website privacy compliance, cookies have consistently presented the most fraught issues for U.S. businesses. This is especially true for those businesses that find themselves in a sometimes new or often...more
1/27/2023
/ Consumer Privacy Rights ,
Cookie Banners ,
Cookies ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Member State ,
Privacy Laws ,
UK ,
Websites
On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot the heels of...more
January 28 is Data Privacy Day, and on this 14th annual Data Privacy Day, I find myself reflecting on the question of data ethics.
Far from being an academic concept, “data ethics” presents a model for data management...more
On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under...more
7/17/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at...more
5/4/2020
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
Equifax ,
Personal Information ,
Popular ,
Privacy Laws ,
State and Local Government ,
WISP
The new decade has barely begun, and the world of privacy already seems set to change quickly. Here is a brief overview:
New Laws In Effect as of January 1 -
On January 1, 2020, new data breach notification requirements...more
1/14/2020
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
State Data Breach Notification Statutes
Data scraping is a technique where information on one platform is exported onto another. The practice is widespread and is used for all sort of reasons, like market analysis or advertising. The kind of information located and...more
9/11/2019
/ Cease and Desist ,
Computer Fraud and Abuse Act (CFAA) ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Rights ,
Data Use Policies ,
LinkedIn ,
Notification Requirements ,
Online Platforms ,
Personal Information ,
Personally Identifiable Information ,
Public Information ,
Web Scraping ,
Websites
Shifting how businesses think about privacy.
Let’s stop thinking about privacy policies alone, and let’s start thinking about data governance plans.
For the ordinary business trying to generate revenue and minimize risk,...more
8/27/2019
/ Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Governance ,
Personal Data ,
Popular ,
Privacy Laws ,
Privacy Policy ,
Risk Management
If you are doing business in California, the way you handle personal data could soon change in significant ways. The California Consumer Privacy Act (“CCPA”) goes into effect on January 1, 2020, and the time to start...more
Imagine this scenario: you’ve had a productive and mutually advantageous ongoing contractual relationship of several years with another party. You have built up quite a bit of trust over the years, and communicate regularly...more
4/29/2019
/ Best Practices ,
Corporate Liability ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybertheft ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Phishing Scams ,
Risk Mitigation ,
Wire Fraud ,
Wire Transfers
In 2018, privacy and data security crossed a number of thresholds. In the public mind, through high-profile data breaches and revelations about unexpected uses of personal information, questions of privacy became much more...more
4/26/2019
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cryptocurrency ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Energy Sector ,
Enforcement Actions ,
FCC ,
FERC ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Political Advertising ,
Popular ,
Privacy Concerns ,
Securities and Exchange Commission (SEC)
You probably are employed by an organization that has a website privacy policy. I am. That’s because most organizations process personal information through their websites in some way, such as through online forms that ask...more
4/10/2019
/ Best Practices ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
Personal Data ,
Privacy Policy ,
Risk Assessment ,
Risk Mitigation ,
Websites
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. ...more
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of....more
Editor’s note: This is the sixth and last in our end-of-year series. See our previous posts on trade secrets, state regulation and law enforcement, HIPAA compliance, emerging threats, and energy. See you in...more
In Case You Missed It: In a sign of the growing importance of cyber operations in warfare, the Obama administration plans to elevate the status of the Pentagon’s Cyber Command. The U.S. Cyber Command, or USCYBERCOM, was...more
In Case You Missed It: The Federal Trade Commission issued an opinion in the LabMD case, overturning an ALJ’s November 2015 decision holding that the FTC failed to meet its burden to prove that LabMD’s data security...more
8/1/2016
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Hackers ,
Hillary Clinton ,
LabMD ,
Political Campaigns ,
Section 5 ,
Unfair or Deceptive Trade Practices
In Case You Missed It: Illinois strengthened its data privacy and security law, with the amendments going into effect in January 2017. The amendments include expanding the definition of “personal information” to include a...more
What is the future of data privacy regulation in Massachusetts? -
On March 24, 2016, the Massachusetts Attorney General’s Office gave us a glimpse. In collaboration with Harvard’s Berkman Center for Internet and Society,...more
I had the pleasure of moderating an excellent panel at the Advanced Cyber Security Center’s annual conference on November 4. The panel’s topic for discussion was “What is Reasonable in Cybersecurity: Responsibility and...more
11/5/2015
/ Audits ,
Best Practices ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Information Technology ,
Popular ,
Risk Management ,
Risk Mitigation
A timely new resource for business executives, technology professionals, and lawyers alike is the newly-published Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers from the New York...more
10/26/2015
/ Board of Directors ,
Corporate Officers ,
Crisis Management ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach Plans ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Directors ,
Employee Training ,
Information Technology ,
Personal Data ,
Popular ,
Risk Management ,
Risk Mitigation
The Cybersecurity and Information Sharing Act (S.754), or CISA, cleared an important hurdle on October 22, 2015 when the Senate voted 83-14 to end debate on several amendments to the bill. CISA creates a cyberthreat...more
Data breaches are crisis moments that business must prepare for in many ways: not just in taking steps at prevention, but also mitigating losses, arranging for business continuity, complying with legal and regulatory...more
10/19/2015
/ Business Continuity Plans ,
Crisis Management ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
Loss Mitigation ,
Popular ,
Public Relations ,
Reputation Management