European Data Protection Board Issues Privacy Shield Report

JANUARY I NATIONAL: A report issued by the European Data Protection Board (EDPB) provides guidance to regulators in both jurisdictions regarding implementation of the Privacy Shield.

Protecting Consumer Data Requires More Than Just Technology

FEBRUARY I NATIONAL: To minimize the risk of a successful data breach, TazWorks reveals five disciplines that are crucial to instilling a culture of security mindfulness within organizations.

Comprehensive Data Privacy Legislation Introduced in Massachusetts – Includes Private Right of Action Without a Need to Prove Harm

FEBRUARY I MASSACHUSETTS: A bill has been introduced that gives consumers the right to sue in the event that their personal information or biometric data is improperly used.

Privacy Risk Study 2018: Privacy Law Compliance and Litigation Deemed Significant Risk Factors

FEBRUARY I NATIONAL: A study of potential risk factor disclosures from publicly traded companies has revealed that concern over legal action from privacy law violations jumped 20 percent from last year.

A Closer Look at California’s New Privacy Regime: The Definition of “Personal Information”

APRIL I CALIFORNIA: Considered the most sweeping consumer privacy law in the country, the California Consumer Privacy Act, effective January 2020, defines “personal information.”

If a Data Subject Submits an Access of Deletion Request Directly to a Service Provider, Is the Service Provider Required to Respond to the Data Subject?

APRIL I CALIFORNIA: The California Consumer Privacy Act Practical Guide, published by Bryan Cave Leighton Paisner (BCLC), addresses frequently asked questions regarding the CCPA.

Re-Examining Data Privacy Under the FCRA

JUNE I NATIONAL: A Senate Banking Committee meeting focused on the structure and practices of the data broker industry and technology companies in regards to data protection and the FCRA.

Maryland Privacy Act Amendments Impact Businesses That Maintain Computerized Personal Information

JUNE I MARYLAND: A series of amendments approved by Maryland governor Larry Hogan will impact data breach obligations imposed on businesses that “maintain” computerized data containing personal information.

FTC Continues Enforcement of False Privacy Shield Claims

JUNE I NATIONAL: The Federal Trade Commission continues to take action against companies for violations of the Privacy Shield framework, including SecurTest, Inc., and 13 others.

United States’ International Data Transfer Methods Under the Magnifying Glass in the CJEU

JULY I NATIONAL: The Court of Justice (ECJ) heard arguments on whether the Standard Contractual Clauses (SCCs) are effective to provide adequate protection for personal data.

How to ‘Background Check’ Under the GDPR

OCTOBER I NATIONAL: Opinion 2/2017 on data processing at work details the limitations for using publicly available data, suggesting several steps companies can take to ensure compliance with the GDPR.

EU-U.S. Privacy Shield: Third Review Welcomes Progress While Identifying Steps for Improvement

OCTOBER I NATIONAL: A European Commission report confirms that the United States continues to ensure an adequate level of protection for personal data transferred under the EU-U.S. Privacy Shield.

FTC Pushing to Hold Companies Liable for Third Parties’ Activities

OCTOBER I NATIONAL: The Federal Trade Commission (FTC) began shifting its focus to holding companies accountable for the activities of third parties.

Wyden Introduces Mind Your Own Business Act of 2019

OCTOBER I NATIONAL: If passed, the Mind Your Own Business Act of 2019 would expand the FTC’s authority to regulate data collection and use, allowing “covered entities” to opt out of data sharing.

Can European Union Authorities Enforce Their Laws on U.S.-Based Companies?

NOVEMBER I NATIONAL: There have been inconsistent applications of the EU law by European Courts against U.S.-based companies that cause questions regarding the jurisdiction of the privacy enforcement.

State Privacy Laws have the Potential to Haunt Industry

NOVEMBER I NATIONAL: At least 18 states considered comprehensive privacy bills this year, some raising more flags than others.

Does a Processor That Is Located Only in the United States, Or That is Processing Data Only From the United States, Need to Appoint An Article 27 Representative

DECEMBER I NATIONAL: The General Data Protection Regulation (GDPR) requires some foreign companies to designate a “representative” that is present in the European Union (EU) to facilitate communication.