When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales. The fines have been racking up, including the most recent one by the Irish Data Protection Commission against WhatsApp—$266 million. WhatsApp is owned by Facebook.

The fine

The Irish Data Protection Commission (DPC) fined Twitter 450,000 euros (about US$546,000) for failing to timely notify the Irish DPC within the required 72 hours of discovering a Q4 2018 breach involving a bug in its Android app, and also for failing to adequately document that breach.  The bug caused some 88,726 European Twitter users’

Proposition 24 is known as the California Privacy Rights Act of 2020 (CPRA). It is on the ballot in California on November 3, and if it passes it will amend and expand certain provisions of the California Consumer Privacy Act (CCPA). Some say it’s CCPA 2.0, however, there are some provisions that make the CPRA

Washington legislators recently introduced the Washington Privacy Act (WPA). This legislation is a consumer-focused privacy law similar to the California Consumer Privacy Act (CCPA) but it also has some European Union General Data Protection Regulation (GDPR)-like concepts. The WPA protects personal data in much the same way as the CCPA, but with some significant differences.

I don’t know much about dating apps. I met my husband decades ago, long before the Internet, and the old-fashioned way—in college. But I know people who have used them, have been happy with them, have found their life partner through them, have funny stories about using them and the people they met through them.

U.S. Senator Ron Wyden, D-Oregon, recently introduced comprehensive privacy legislation, known as the “Mind Your Own Business Act” (MYOB Act), to provide protections for the private data of Americans and to hold corporate executives accountable if they abuse such information. While this isn’t the first such legislation introduced in Congress and is unlikely

After all of the GDPR compliance assessments, implementation and hullaballoo in the last year or so, many companies chose to certify that they are compliant with the EU-U.S. Privacy Shield framework rather than implementing a full-blown GDPR compliance program.

To attain Privacy Shield certification, companies must submit an application and certify that when consumer data

One of the first questions we ask our clients when they call about a security incident is whether they have insurance that may cover the costs associated with investigating the incident, potential forensic analysis, and coverage for a data breach. Sometimes the client will say “Yes, we have cyber coverage.” However, when reviewing the coverage

The Ponemon Institute recently completed research, sponsored by IBM Resilient, entitled “The 2019 Cyber Resilient Organization,” which surveyed more than 3,600 security and IT professionals around the world to determine organizations’ ability to maintain their core purpose and integrity in the face of cyber-attacks.

According to IBM, the research found that “a vast majority of