What should privacy and cybersecurity practitioners and specialists consider after the 2025 inauguration? There are a few notable issues that may shape how businesses think about their privacy and cybersecurity programs:...more
11/11/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Protection ,
Election Results ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Intellectual Property Protection ,
Legislative Agendas ,
Members of Congress ,
Online Safety for Children ,
Presidential Elections ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
On July 10, 2023, the European Commission (EC) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF, or “Privacy Framework”), which establishes the Privacy Framework as an authorized mechanism...more
7/31/2023
/ Court of Justice of the European Union (CJEU) ,
Cross-Border Transactions ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Privacy Laws ,
Regulatory Agenda
As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under...more
The International Association of Privacy Professionals held its annual Global Privacy Summit on April 4-5 in Washington, D.C. Here are some things we learned.
1. Generative Artificial Intelligence (“AI”) is Ubiquitous in the...more
4/13/2023
/ Artificial Intelligence ,
Corporate Governance ,
CPOs ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
Internet ,
Machine Learning ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Web Scraping
With the adoption of new technology, including the quick and unexpected shift to virtual learning because of the COVID-19 pandemic, K-12 institutions are at an increased risk of cyberattacks and threats thereof. The rise in...more
When it comes to website privacy compliance, cookies have consistently presented the most fraught issues for U.S. businesses. This is especially true for those businesses that find themselves in a sometimes new or often...more
1/27/2023
/ Consumer Privacy Rights ,
Cookie Banners ,
Cookies ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Member State ,
Privacy Laws ,
UK ,
Websites
As many businesses prepare to renew their insurance policies, considerations of consumer privacy rights ought to be top of mind.
The Colorado Privacy Act -
Scope -
Foley Hoag has previously written about the Colorado...more
12/23/2022
/ Biometric Information ,
Consumer Privacy Rights ,
Cyber Insurance ,
Data Protection ,
Enforcement ,
Insurance Brokers ,
Insurance Industry ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Proposed Regulation ,
Renewal Options ,
Sensitive Personal Information
On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot the heels of...more
On April 21, 2021, the European Commission released a highly-anticipated proposal for a regulation governing artificial intelligence (AI). The proposal has been drafted by the Commission and its advisers, and plays a central...more
5/11/2021
/ Artificial Intelligence ,
Data Protection ,
Data Security ,
Enforcement ,
EU ,
European Commission ,
Facial Recognition Technology ,
Proposed Regulation ,
Registration Requirement ,
Regulatory Oversight ,
Transparency
January 28 is Data Privacy Day, and on this 14th annual Data Privacy Day, I find myself reflecting on the question of data ethics.
Far from being an academic concept, “data ethics” presents a model for data management...more
Last week saw major innovations in the law of data transfer from the European Economic Area (EEA) to other countries, including the United States. This alert covers one of them: new guidelines from the European Data...more
On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under...more
7/17/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
The new decade has barely begun, and the world of privacy already seems set to change quickly. Here is a brief overview:
New Laws In Effect as of January 1 -
On January 1, 2020, new data breach notification requirements...more
1/14/2020
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
State Data Breach Notification Statutes
Data scraping is a technique where information on one platform is exported onto another. The practice is widespread and is used for all sort of reasons, like market analysis or advertising. The kind of information located and...more
9/11/2019
/ Cease and Desist ,
Computer Fraud and Abuse Act (CFAA) ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Rights ,
Data Use Policies ,
LinkedIn ,
Notification Requirements ,
Online Platforms ,
Personal Information ,
Personally Identifiable Information ,
Public Information ,
Web Scraping ,
Websites
Shifting how businesses think about privacy.
Let’s stop thinking about privacy policies alone, and let’s start thinking about data governance plans.
For the ordinary business trying to generate revenue and minimize risk,...more
8/27/2019
/ Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Governance ,
Personal Data ,
Popular ,
Privacy Laws ,
Privacy Policy ,
Risk Management
If you are doing business in California, the way you handle personal data could soon change in significant ways. The California Consumer Privacy Act (“CCPA”) goes into effect on January 1, 2020, and the time to start...more
Imagine this scenario: you’ve had a productive and mutually advantageous ongoing contractual relationship of several years with another party. You have built up quite a bit of trust over the years, and communicate regularly...more
4/29/2019
/ Best Practices ,
Corporate Liability ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybertheft ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Phishing Scams ,
Risk Mitigation ,
Wire Fraud ,
Wire Transfers
In 2018, privacy and data security crossed a number of thresholds. In the public mind, through high-profile data breaches and revelations about unexpected uses of personal information, questions of privacy became much more...more
4/26/2019
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cryptocurrency ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Energy Sector ,
Enforcement Actions ,
FCC ,
FERC ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Political Advertising ,
Popular ,
Privacy Concerns ,
Securities and Exchange Commission (SEC)
You probably are employed by an organization that has a website privacy policy. I am. That’s because most organizations process personal information through their websites in some way, such as through online forms that ask...more
4/10/2019
/ Best Practices ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
Personal Data ,
Privacy Policy ,
Risk Assessment ,
Risk Mitigation ,
Websites
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. ...more
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of....more
The Computer Fraud and Abuse Act, or CFAA, is the federal “anti-hacking” statute (or sometimes referred to as a “computer trespass” statute). In essence, the CFAA prohibits intentional unauthorized access into another...more
In Case You Missed It: US and EU officials signed on to the so-called “Privacy Umbrella” deal last week. The agreement is designed to protect the personal data of EU citizens when it is transferred to the US for law...more
6/7/2016
/ Cybersecurity ,
Data Protection ,
Enforcement Actions ,
EU ,
Facebook ,
Hackers ,
International Data Transfers ,
LinkedIn ,
Mark Zuckerberg ,
Personal Data ,
Privacy Umbrella ,
Ransomware ,
Social Media
I had the pleasure of moderating an excellent panel at the Advanced Cyber Security Center’s annual conference on November 4. The panel’s topic for discussion was “What is Reasonable in Cybersecurity: Responsibility and...more
11/5/2015
/ Audits ,
Best Practices ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Information Technology ,
Popular ,
Risk Management ,
Risk Mitigation
A timely new resource for business executives, technology professionals, and lawyers alike is the newly-published Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers from the New York...more
10/26/2015
/ Board of Directors ,
Corporate Officers ,
Crisis Management ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach Plans ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Directors ,
Employee Training ,
Information Technology ,
Personal Data ,
Popular ,
Risk Management ,
Risk Mitigation