As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under...more
January 28 is Data Privacy Day, and on this 14th annual Data Privacy Day, I find myself reflecting on the question of data ethics.
Far from being an academic concept, “data ethics” presents a model for data management...more
On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under...more
7/17/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
That sixth sense you have that someone is listening – could it be your smart speaker? There’s a chance the answer is yes, even when you don’t ask it to. A new study from Northeastern University finds that smart speakers...more
2/21/2020
/ Audio Recording ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Connected Items ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
Personal Data ,
Personal Information ,
Privacy Policy ,
Smart Devices ,
Technology Sector
Shifting how businesses think about privacy.
Let’s stop thinking about privacy policies alone, and let’s start thinking about data governance plans.
For the ordinary business trying to generate revenue and minimize risk,...more
8/27/2019
/ Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Governance ,
Personal Data ,
Popular ,
Privacy Laws ,
Privacy Policy ,
Risk Management
If you are doing business in California, the way you handle personal data could soon change in significant ways. The California Consumer Privacy Act (“CCPA”) goes into effect on January 1, 2020, and the time to start...more
You probably are employed by an organization that has a website privacy policy. I am. That’s because most organizations process personal information through their websites in some way, such as through online forms that ask...more
4/10/2019
/ Best Practices ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
Personal Data ,
Privacy Policy ,
Risk Assessment ,
Risk Mitigation ,
Websites
In Case You Missed It: US and EU officials signed on to the so-called “Privacy Umbrella” deal last week. The agreement is designed to protect the personal data of EU citizens when it is transferred to the US for law...more
6/7/2016
/ Cybersecurity ,
Data Protection ,
Enforcement Actions ,
EU ,
Facebook ,
Hackers ,
International Data Transfers ,
LinkedIn ,
Mark Zuckerberg ,
Personal Data ,
Privacy Umbrella ,
Ransomware ,
Social Media
What is the future of data privacy regulation in Massachusetts? -
On March 24, 2016, the Massachusetts Attorney General’s Office gave us a glimpse. In collaboration with Harvard’s Berkman Center for Internet and Society,...more
A timely new resource for business executives, technology professionals, and lawyers alike is the newly-published Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers from the New York...more
10/26/2015
/ Board of Directors ,
Corporate Officers ,
Crisis Management ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach Plans ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Directors ,
Employee Training ,
Information Technology ,
Personal Data ,
Popular ,
Risk Management ,
Risk Mitigation
What makes data privacy law interesting for academics, challenging for lawyers, and frustrating for businesses its shape-shifting structure in the face of rapidly changing technology. The recent change in the invalidation of...more
10/19/2015
/ Administrative Authority ,
Breach Notification Rule ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Popular ,
Unfair or Deceptive Trade Practices ,
US-EU Safe Harbor Framework ,
Wyndham