Exercises, Information Security, Privacy and Security

Colorado AG Publishes Guidance on Data Security Practices and Announces Upcoming Rulemaking Under the Colorado Privacy Act

Hunton Privacy

FEBRUARY 2, 2022

On January 28, 2022, in celebration of Data Privacy Day, the Colorado Attorney General’s Office issued prepared remarks from Colorado Attorney General Phil Weiser and published guidance on data security best practices. Regularly reviewing and updating security policies.

Privacy

Privacy Security Data breaches Ransomware

CHINA: Draft Rules on Privacy Policies Released – Is Your Privacy Policy Compliant?

DLA Piper Privacy Matters

AUGUST 8, 2022

On 26 May 2022, the TC260 released the Draft Requirements on Privacy Agreements for Internet Platforms, Products and Services (“ Draft Requirements ”) for public consultation. If passed, the Draft Requirements will likely be referred to by regulatory authorities and third party agencies in evaluating organisations’ privacy policies.

Privacy

Privacy Personal data Data collection Access

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

AUGUST 17, 2020

No longer might UK privacy pros feel obliged to wait for the publication of weirdly worded EDPB opinions. Enormous amounts of money have been spent in a belated acknowledgement of, in many cases, decades of under investment on privacy issues. The GDPR has had a profound impact on many organisations. Was such a fine really appropriate?

Privacy

Privacy GDPR Personal data Computer and Electronics

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

A guide to cyber security for marketing agencies

IT Governance

FEBRUARY 9, 2021

If your marketing agency is under the impression that cyber security is strictly an IT issue, you should think again. Effective security is a company-wide commitment, and marketers play one of the most crucial roles. The system helps organisations manage, monitor and improve their security practices in one place.

Marketing

Marketing Security GDPR Privacy

California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information

Hunton Privacy

JUNE 7, 2022

It also urges mobile app providers to adopt robust security and privacy measures to protect reproductive health information.

Privacy

Privacy Authentication Information Security Risk

CIPL Releases Report on Effective Data Privacy Accountability

Hunton Privacy

JUNE 8, 2020

On June 3, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published its report, What Good and Effective Data Privacy Accountability Looks Like: Mapping Organizations’ Practices to the CIPL Accountability Framework (“Report”). Canada, Europe, Asia-Pacific and Latin America.

Data Privacy

Data Privacy Privacy Compliance Risk

New York City Council Passes Tenant Data Privacy Act

Hunton Privacy

MAY 13, 2021

On April 29, 2021, the New York City Council passed the Tenant Data Privacy Act (“TDPA”), which would regulate the collection, use, safeguarding and retention of tenant data by owners of “smart access” buildings. Privacy policy. Security safeguards. The TDPA has been sent to the New York City Mayor’s desk for signature.

Data Privacy

Data Privacy Privacy Authentication Passwords

Florida Comprehensive State Privacy Law Sent to Governor for Signature

Hunton Privacy

MAY 17, 2023

Unlike the other comprehensive state privacy laws that have been enacted, the FDBR applies to a much narrower subset of entities. 262 ) to Governor Ron DeSantis for signature. Consumer” means an individual resident or domiciled in Florida and does not include an individual acting in a commercial or employment context.

Privacy

Privacy Personal data Sales Government

What you should do now in light of the Privacy Reform bill

Data Protection Report

OCTOBER 26, 2022

Major privacy law reform in Australia gathered pace this week, with newly tabled legislation proposing to significantly increase penalties for privacy breaches, among other reforms. Do we have an effective information classification process? Information Sharing and Public Interest Disclosure. The reforms at a glance.

Privacy

Privacy Data breaches Risk Compliance

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

The results are in, and California voters have approved the California Privacy Rights Act (CPRA) which was listed on the ballot as Proposition 24. Consumers will also have opt-out rights relating to the use of their personal information in automated decision-making, including consumer profiling.

Privacy

Privacy B2B Sales Data breaches

C-11 – The act to enact the Consumer Privacy Protection Act: Five top measures to get ready

Privacy and Cybersecurity Law

DECEMBER 10, 2020

Chantal Bernier, National Practice Leader, Privacy and Cybersecurity, Dentons Canada LLP Former Interim Privacy Commissioner of Canada. It will apply to all businesses across Canada, except to provincial businesses in Alberta, British Columbia and Québec where provincial privacy laws apply to the private sector. .

Privacy

Privacy Compliance Artificial Intelligence Risk

New China Guideline for Internet Personal Information Security Protection

Data Protection Report

DECEMBER 5, 2018

On 30 November 2018 the Cyber Security Protection Bureau, under the auspices of the PRC Ministry of Public Security (the “MPS”), issued a draft Guideline for Internet Personal Information Security Protection (the “Guideline”) along with a request for public comments. Introduction. technical measures; and.

Information Security

Information Security Security Authentication Passwords

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

Data Matters

JULY 8, 2019

Ensuring that a company is properly prepared for and responds to privacy and cyber security threats is a key corporate governance responsibility for directors and senior officers. Maintain an asset inventory of key information and data systems to assess how the business can be impacted by cyber threats.

GDPR

GDPR Privacy Data breaches Risk

Strengthening Privacy Rights with Privacy Enhancing Technologies

AIIM

NOVEMBER 5, 2018

Moreover, there seems to be momentum developing for a more comprehensive US Federal Privacy initiative consistent with GDPR. The current US data privacy regime is somewhat fragmented and sectoral in nature and is perceived to be an impediment to competing in the digital economy. Content Analytics (Privacy Information Management).

Privacy

Privacy Artificial Intelligence GDPR Analytics

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

Hunton Privacy

SEPTEMBER 1, 2020

Not disclosing, subject to specified exceptions, a consumer’s genetic data to certain entities ( e.g. , those responsible for making decisions regarding health insurance, life insurance or employment). Department of Health and Human Services pursuant to HIPAA and the HITECH Act.

Privacy

Privacy Insurance Marketing Information governance

European Data Protection Board Issues Privacy Shield Report

Hunton Privacy

JANUARY 28, 2019

Privacy Shield (the “Report”). authorities, the Report provides guidance to regulators in both jurisdictions regarding implementation of the Privacy Shield and highlights the EDPB’s ongoing concerns with regard to the Privacy Shield. businesses to clarify the requirements of the Privacy Shield ( g. , authorities.

Privacy

Privacy Compliance IT Information Security

Dangerous permissions detected in top Android health apps

Security Affairs

SEPTEMBER 15, 2023

Behind the sleek interfaces and promising functionalities lurks a hidden concern that has captured the attention of security researchers and users alike – dangerous Android app permissions. Android permissions The Android operating system has a comprehensive permission system designed to protect a user’s privacy and security.

Privacy

Privacy Access IT Security

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The stolen information allegedly included names and identifying information, hashed passwords, security questions and answers, family information, Social Security numbers, lab results, health insurance information, doctor’s names, and medical conditions, among other things.

Data breaches

Data breaches Computer and Electronics Security Insurance

CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology

Hunton Privacy

MARCH 15, 2024

Elements of Risk Assessments Clarify the operational elements of the processing that the business must identify in a risk assessment, which include, e.g. , the business’s planned method for collecting, using, disclosing, retaining or otherwise processing personal information, and the sources of the personal information.

Risk

Risk Artificial Intelligence Compliance Privacy

CHINA: important new developments in PRC data privacy regulations

DLA Piper Privacy Matters

OCTOBER 31, 2019

An updated draft of China’s Amended Personal Information Security Specification (“Amended PIS Specification”) and proposed new amendments to the privacy specification for mobile apps (“App Privacy Specification”) were published this week, alongside brand new draft privacy regulations for the banking sector.

Data Privacy

Data Privacy Privacy Data collection Data breaches

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

Data Matters

NOVEMBER 12, 2019

Mactaggart, As privacy practitioners, we share your passion and dedication to the development of information privacy and data protection law in the United States. Your commitment to these issues is clear, and we commend the seriousness of your work in addressing privacy rights in accordance with your vision.

Privacy

Privacy Data breaches Compliance Personal data

Ways to Develop a Cybersecurity Training Program for Employees

Security Affairs

APRIL 15, 2022

Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s security initiatives. Now is the moment to train your personnel on security best practices, if you haven’t already. Customize Your Security Training.

Cybersecurity

Cybersecurity Data Privacy Data breaches Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. The only processing operations exempt from the GDPR are national security and law enforcement activities and purely personal uses of data. Privacy policies should use plain language that anyone can understand.

GDPR

GDPR Compliance Personal data Privacy

ICO Publishes Its Accountability Framework

Hunton Privacy

SEPTEMBER 14, 2020

The ICO states that its Accountability Framework “supports the foundations of an effective privacy management programme.”. The structure of the Framework is broad and flexible so that organizations may exercise judgment as to which of the articulated expectations are most relevant to their business.

IT

IT Compliance Records Management GDPR

The risk of pasting confidential company data into ChatGPT

Security Affairs

MARCH 12, 2023

The experts also warn that enterprise security software cannot monitor the use of ChatGPT by employees and prevent the leak of sensitive/confidential company data. In general, it’s always important to exercise due diligence when discussing sensitive information online. “Since ChatGPT launched publicly, 5.6%

Risk

Risk Artificial Intelligence Privacy Personal data

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

Organisations must ensure they have robust access controls and security measures in place to prevent against unauthorised disclosure. It will act as a reminder to organisations of the powers of the regulator when considering their obligations in relation to privacy, data protection and information security governance.

GDPR

GDPR Personal data Government Paper

California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses

Hunton Privacy

JUNE 29, 2018

On June 28, 2018, the Governor of California signed AB 375 , the California Consumer Privacy Act of 2018 (the “Act”). The Act introduces key privacy requirements for businesses, and was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot.

Privacy

Privacy Sales Personal data Communications

OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands

Security Affairs

APRIL 28, 2023

OpenAI restored access to ChatGPT in Italy after the company met the demands of the Italian Data Protection Authority, Garante Privacy. At the time the privacy watchdog said that there is no legal basis underpinning the massive collection and processing of personal data to ‘train’ the algorithms on which the platform relies. .

Personal data

Personal data Privacy Access Education

EU hits Meta with $1.3 billion fine for transferring European user data to the US

Security Affairs

MAY 22, 2023

The battle had roots in the past, precisely in 2013 when the privacy activist and NOYB founder, Max Schrems, filed a complaint about Facebook’s handling of his data following the revelations of Edward Snowden about the global surveillance program operated by the US. Data Privacy Framework on December 13, 2022. The EU-U.S.

GDPR

GDPR Personal data Privacy Data Privacy

California Legislature Passes Bill Regulating Data Brokers

Hunton Privacy

SEPTEMBER 21, 2023

The Act aims to close a loophole in the California Consumer Privacy Act (“CCPA”) that allows consumers to request that data brokers delete personal information obtained directly from the consumer, but does not require data brokers to delete personal information obtained from other sources.

Insurance

Insurance Personal data Sales Compliance

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

With respect to ransomware prevention, the Department expects regulated companies to implement the following controls whenever possible: Email filtering and anti-phishing training for employees, including regular exercises and blocking malicious attachments and links; Vulnerability and patch management, including a documented program to identify, assess, (..)

Ransomware

Ransomware Security Financial Services Cybersecurity

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

European Commission Presents EU-U.S. Privacy Shield

Hunton Privacy

FEBRUARY 29, 2016

Privacy Shield. Privacy Shield, was reached on February 2, 2016, between the U.S. Privacy Shield are equivalent to the EU data protection standards. Privacy Shield. The four most important aspects of the Privacy Shield are: Enhanced obligations on companies and robust enforcement. The EU-U.S.

Privacy

Privacy Personal data Access Government

CIPL Responds to NTIA Request for Comment on Developing the Administration’s Approach to Consumer Privacy

Hunton Privacy

NOVEMBER 26, 2018

Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) in response to its request for public comments on developing the administration’s approach to consumer privacy. privacy framework: Privacy Outcomes.

Privacy

Privacy Risk Personal data GDPR

EDPB Releases Guidelines on Virtual Voice Assistants

Hunton Privacy

MARCH 13, 2021

These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service.

Personal data

Personal data Compliance GDPR Privacy

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

This is the eighth post in a series on privacy by Andrew Pery. You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. Privacy by Design: The Intersection of Law and Technology. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Compliance Data collection Privacy

Movement on Section 702 of the Foreign Intelligence Surveillance Act (FISA)

Data Matters

JANUARY 22, 2018

person query in certain circumstances—specifically, if the query was in connection with a criminal investigation unrelated to national security and not designed to find foreign intelligence information. Privacy Shield. Whistleblower Protection. Classification Study.

Privacy

Privacy Encryption Communications Information Security

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

Security Measures Automated Password Blocker : NYDFS clarified that the requirement for Class A companies to implement “an automated method of blocking commonly used passwords” applies only to accounts on information systems “owned or controlled by a Class A company” and for all other accounts only where “feasible.”

Cybersecurity

Cybersecurity IT Compliance Financial Services

Article 29 Working Party Releases Opinion on EU-U.S. Privacy Shield

Hunton Privacy

APRIL 13, 2016

Privacy Shield (the “ Privacy Shield ”) draft adequacy decision. The Privacy Shield was created to replace the previous Safe Harbor framework invalidated by the Court of Justice of the European Union (“CJEU”) in the Schrems decision. Commercial Aspect of the Privacy Shield. Background. Purpose Limitation.

Privacy

Privacy Personal data Healthcare GDPR

What is data protection by design and default

IT Governance

JUNE 13, 2019

This essentially means that you must consider privacy and information security risks at the outset of all projects that involve personal data. With cyber attacks on the rise, a growing public interest in data privacy and the strengthened penalties introduced by the GDPR, it makes sense to prioritise information security.

GDPR

GDPR Personal data Compliance Privacy

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

Data Breach Notification: Controllers are required to notify the Commissioner of Data Protection of any personal data breach that compromises a data subject’s confidentiality, security or privacy. Data subjects also must be notified if the breach is likely to result in a high risk to their security or rights.

Personal data

Personal data GDPR Data breaches Compliance

Navigating China: The digital journey

DLA Piper Privacy Matters

NOVEMBER 5, 2019

Episode 6: Further developments in PRC data privacy regulations. On the other hand, contact lists on personal mobile devices are now deemed sensitive personal information. Helpful clarification is provided as to when and how Personal Information Security Impact Assessments (PIIAs) must be conducted.

Data collection

Data collection Data breaches Privacy Information Security

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The DPO must be invited to strategic meetings and requested to provide advice on all processing where his/her intervention or presence must be systematic, notably in case of evolution of processing, conduct of a data protection impact assessment(“DPIA”), revision of existing privacy policies or drafting of new policies, data breaches etc.

GDPR

GDPR Compliance Personal data Communications

UPDATE: FTC Announces Record-Breaking Facebook Settlement Order

Hunton Privacy

JULY 25, 2019

As previously reported on July 12, 2019, Facebook will pay a $5 billion penalty to the Federal Trade Commission to resolve a privacy probe into whether Facebook violated a prior FTC consent decree requiring the company to better protect user privacy. In addition to the penalty, the settlement order, finalized by the U.S.

Privacy

Privacy Passwords Compliance Encryption

Colorado AG Publishes Guidance on Data Security Practices and Announces Upcoming Rulemaking Under the Colorado Privacy Act

CHINA: Draft Rules on Privacy Policies Released – Is Your Privacy Policy Compliant?

Webinars

Trending Sources

Data Protection: Where’s the Brexit Privacy Dividend?

Webinars

A guide to cyber security for marketing agencies

California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information

CIPL Releases Report on Effective Data Privacy Accountability

New York City Council Passes Tenant Data Privacy Act

Florida Comprehensive State Privacy Law Sent to Governor for Signature

What you should do now in light of the Privacy Reform bill

California Privacy Law Overhaul – Proposition 24 Passes

C-11 – The act to enact the Consumer Privacy Protection Act: Five top measures to get ready

New China Guideline for Internet Personal Information Security Protection

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

Strengthening Privacy Rights with Privacy Enhancing Technologies

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

European Data Protection Board Issues Privacy Shield Report

Dangerous permissions detected in top Android health apps

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology

CHINA: important new developments in PRC data privacy regulations

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

Ways to Develop a Cybersecurity Training Program for Employees

How to implement the General Data Protection Regulation (GDPR)

ICO Publishes Its Accountability Framework

The risk of pasting confidential company data into ChatGPT

IRELAND: First GDPR fine issued in Ireland

California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses

OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands

EU hits Meta with $1.3 billion fine for transferring European user data to the US

California Legislature Passes Bill Regulating Data Brokers

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

European Commission Presents EU-U.S. Privacy Shield

CIPL Responds to NTIA Request for Comment on Developing the Administration’s Approach to Consumer Privacy

EDPB Releases Guidelines on Virtual Voice Assistants

Guest Post - Three Critical Steps for GDPR Compliance

Movement on Section 702 of the Foreign Intelligence Surveillance Act (FISA)

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Article 29 Working Party Releases Opinion on EU-U.S. Privacy Shield

What is data protection by design and default

New Dubai International Financial Centre Data Protection Law Comes into Effect

Navigating China: The digital journey

France: The CNIL publishes a practical guide on Data Protection Officers

UPDATE: FTC Announces Record-Breaking Facebook Settlement Order

Stay Connected