On the heels of working with clients on compliance with the European Union’s General Data Privacy Regulation (GDPR) and the rapidly evolving landscape of data privacy and security laws and regulations, the next hurdle to set compliance sights on for organizations is the California Consumer Privacy Act (CCPA).

We have previously outlined the requirements of

This was a busy week for activity and discussions on the federal level regarding existing privacy laws – namely the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). But the real question is, could a federal privacy law actually happen in 2019? Cybersecurity issues and the possibility of a

France’s data protection authority (DPA) (CNIL) recently announced that it has fined Google $57 million for violations of the General Data Protection Regulation (GDPR). This is the first fine by a European DPA of an American company for alleged violations of the sweeping EU privacy law.

According to the CNIL, Google did not tell consumers

The “security principle” under the General Data Protection Regulation (GDPR) requires that organizations process personal data securely by means of “appropriate” technical and organizational measures. This month, the United Kingdom’s Information Commissioner’s Office (ICO) issued new guidance focused on two specific measures the ICO recommends that companies consider in complying with the GDPR security requirements: encryption and passwords.
Continue Reading UK Information Commissioner’s Office Issues Guidance on Use of Encryption and Passwords in Connection with GDPR

Last month, the French data protection authority (the CNIL) issued initial guidance addressing issues that applications utilizing blockchain technology should consider in order to comply with the European General Data Protection Regulation (GDPR).

As recognized by the CNIL, there are certain natural conflicts between GDPR and blockchain technology. A critical feature of the blockchain is its immutability – the fact that once information is entered into the public ledger regarding a transaction, that information cannot be changed or removed from the ledger. The benefits of providing a transparent and permanent public ledger will have to be reconciled with the data subject rights granted by GDPR, including the right to be forgotten and principles of data minimization. Blockchain applications also raise thorny questions about whether participants in the network are acting as data controllers or processors, subject to the GDPR’s requirements. Additionally, how can a worldwide network of computers involved in data processing activities comply with GDPR requirements related to cross-border data transfers outside of the EU?
Continue Reading French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR

Tim Cook, Apple CEO, recently delivered the keynote address for a privacy conference, attended by policy experts and European Union (EU) lawmakers in Brussels, Belgium, where he advocated for new data privacy laws in the United States, similar to the EU’s General Data Protection Regulation (GDPR).

Cook said that modern technology has led to the creation of a “data-industrial complex” in which personal data is “weaponized against us with military efficiency.” According to Cook, this problem doesn’t just affect individuals, but whole societies.
Continue Reading Apple CEO Calls for Comprehensive US Privacy Laws

As we previously noted, Facebook originally announced a breach late last month, in which hackers took advantage of a code vulnerability in the website’s “View As” feature, to access user’s data. However, on October 12, 2018, Facebook stepped back the number of affected accounts from 50 to roughly 30 million, and it acknowledged that hackers were able to view varying levels of information for different accounts. 
Continue Reading Facebook Acknowledges Breach of Sensitive Data for Nearly 30 Million Users

As many of our readers know, the General Data Protection Regulation (GDPR) imposes significant obligations and responsibilities on entities with regard to data protection and privacy for all individuals within the European Union and the European Economic Area. Violations of GDPR can result in fines up to €20 million, or up to 4 percent of

The United Kingdom data privacy watchdog reports that the number of complaints received since the EU’s General Data Protection Regulation (GDPR) took effect three months ago has almost doubled.  Under GDPR, anyone who believes their personal data has been misused can file a complaint with the Information Commissioner’s Office, or ICO.

Legal Experts say GDPR

It is clear that the health care industry continues to be targeted with cyber-attacks. In 2018, the 10 largest health care breaches, outlined here, include unauthorized access to protected health information (PHI) through a vendor offering claims processing, ransomware incidents, successful phishing schemes, mailing PHI to wrong addressees, hacking, a misdirected email, and a