Singapore Personal Data Protection Commission (PDPC) has published a guide on data protection in the blockchain.
Some key points:
Permissionless blockchain:
•Any personal data published in-clear is a form of public...more
The Supreme Court of the United States held in Dobbs v. Jackson Women’s Health Organization, that the Constitution does not confer a right to abortion, overruling long-standing precedent in Roe v. Wade and Planned Parenthood...more
7/5/2022
/ Abortion ,
Aiding and Abetting ,
Board of Directors ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Employee Assistance Programs ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Employer Group Health Plans ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HRA ,
PHI ,
Roe v Wade ,
SCOTUS ,
Self-Insured Health Plans ,
Title VII ,
Travel Expenses ,
White Collar Crimes
The Network Advertising Initiative (NAI), an industry trade group that develops self-regulatory standards for online advertising, has released its Precise Location Information Solution Provider Voluntary Enhanced Standards....more
The Health Insurance Portability and Accountability Act of 1996 may be the most well-known privacy law in the United States, but it is also one of the most misunderstood....more
Does vehicle service data for services performed on a vehicle while owned by a previous owner belong to the new owner and need to be provided as part of a GDPR Access request?...more
“Businesses, service providers, and contractors are to comply with not just the letter of the (California Consumer Privacy Act), but the spirit of the law.”
That is according to a new Initial Statement of Reasons issued...more
6/9/2022
/ Audits ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consent ,
Consumer Privacy Rights ,
Consumer Requests ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
Opt-Outs ,
Third-Party Service Provider
During a recent webinar hosted by The Chicago Bar Association, some other panelists and I made some predictions about the future of data privacy.
What is on the horizon?...more
California Attorney General Rob Bonta has issued statement about protecting health data in mobile apps in view of the upcoming SCOTUS decision in Dobbs. In the process, he also signaled continued enforcement....more
If you are filing a data access request and it is clear that the intention is something other than finding out whether the processing of the data was lawful, the controller can refuse your request, according to the Higher...more
The old saying went that “if you don’t want it on the front page of the newspaper, don’t put it in an email.” Well, if you don’t want to produce it as part of an employee’s Data Subject Access Request (DSAR), it shouldn’t be...more
What can the California Privacy Protection Agency learn from the EU experience as it gets ready to draft regulations regarding DPIAs? Here is a recap of my remarks from the CPRA Regulations Stakeholder Session:...more
What do obscenity and data minimization have in common?
As Justice Potter Stewart famously wrote in his concurring opinion to the U.S. Supreme Court’s decision in the 1964 free speech case Jacobellis v. Ohio, “I know it...more
4/29/2022
/ CafePress ,
California Privacy Rights Act (CPRA) ,
CCTV ,
CNIL ,
Data Collection ,
Data Deletion ,
Data Retention ,
Databases ,
DPA ,
Federal Trade Commission (FTC) ,
Pornography ,
Telehealth
The European Union is gearing up to regulate AI, but what is the U.S. doing?
•There are new Federal algorithmic transparency bills being filed:
•The Algorithmic Accountability Act of 2022, introduced by Senator Ron Wyden...more
Let’s say you are an EU company. You engage a processor. Data is processed in the EU. There is no transfer.
But in the processor-sub-processor data processing agreement, the data processor reserves the right to disclose...more
Datatilsynet Norway has issued a helpful guide on the data protection aspects of employee monitoring, which are helpful for GDPR, but also for California employers with CPRA bringing employee rights into play in 2023....more
The European Commission has issued a public call for evidence in connection with access to vehicle data, functions and resources pursuant to the proposal for the Data Act....more
What can we learn about disclosures and how to draft privacy notices from the Sweden IMY decision and why is it important for both GDPR companies and CPRA, CDPA, CPA and UCPA companies:...
...more
Here are five things you should know about Google Analytics, transfers and Schrems II.
1. Down to Middle Earth We Go Brush up on your J.R.R. Tolkien because Datatilsynet in its new guidance on cloud providers, says you...more
The Federal Trade Commission has reached a settlement in the matter of CafePress.
Here are some things you should know:
Data minimization:
•Storing information indefinitely on your network without a business need creates...more
3/21/2022
/ CafePress ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Cyber Incident Reporting ,
Data Breach ,
Employee Training ,
Encryption ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Information Systems Security Program (ISSP) ,
Mergers ,
Social Security Numbers ,
Third-Party ,
Transparency
Your rights of access under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) include inferences derived from the your personal information, California Attorney General Rob Bonta said in...more
What does the United Kingdom's Information Commissioner's Office's draft guidance say about governance and anonymization? Why is it important for GDPR and for the host of new US Privacy laws, including CPRA, CDPA and CPA? ...more
Many EU companies have their own ideas on what US Privacy laws mean for the, Here are three of the more common myths out there, busted.
Myth 1:
I don’t have physical presence in the US so the laws don’t apply to me....more
Hey hospitals, retirement homes and clinics! If you are using biometrics to control medication dispensing systems, then Illinois’ Biometric Information Privacy Act then (BIPA) has news for you....more
Maine is stepping into the privacy mix with a possible biometric law, and a possible CCPA-like law.
The biometric law, proposed by State Representative Maggie O’Neil, is generally similar to Illinois’ BIPA, even...more
Texas Attorney General Ken Paxton has filed a claim against Meta, Facebook’s parent company, under his state’s Capture or Use of Biometric Identifier Act (CUBI) in connection with the company’s facial recognition practices....more