Data collection, Examples and Exercises - Information Management Today

Big California Privacy News: Legislative and Enforcement Updates

Data Matters

SEPTEMBER 6, 2022

As a provider subject to CMIA, mental health apps would be subject to HIPAA-like constraints on their ability to use and share data collected and will have increased litigation exposure, as CMIA includes a private right of action. New CCPA Enforcement Case Examples – Opt Outs, GPC, Clarity & Functionality Are Top of Mind.

Privacy

Privacy B2B Sales Compliance

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

Below are key examples of topics addressed by the proposed regulations. Right to Request to Exercise Personal Data Rights (Rule 4.02 – Rule 4.07; 6.11). of the proposed regulation requires “controllers” to establish “reasonable methods” to authenticate consumers who submit data rights requests.

Privacy

Privacy Personal data Data collection Compliance

Off to the Races: Comment Period for CPRA Proposed Regulations Begins

Data Matters

AUGUST 9, 2022

They include several real world examples informed by the California Office of the Attorney General’s (OAG) enforcement experiences over the last two years; indeed two of the most senior attorneys in charge of CCPA enforcement at the OAG—Stacey Schesser and Lisa Kim—played a significant role in drafting these regulations. 11 CCR § 7012(e)(6).

Privacy

Privacy Sales Analytics Compliance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

ICO Releases COVID-19 Guidance for Re-Opening Workplaces

Hunton Privacy

JUNE 24, 2020

If the same result could be achieved without collecting personal information, further collection should be avoided. Data collection should be kept to a minimum and permanent records should not be created unless necessary. Employers should be transparent with staff as to how the data is going to be used.

Data collection

Data collection Privacy Security Personal data

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR applies to any organization that processes the personal data of European residents, regardless of where that organization is based. First, knowing what data the company has and how it is processed helps the organization better understand its compliance burdens. Consents cannot be bundled, either.

GDPR

GDPR Compliance Personal data Privacy

Belgian Data Protection Authority Releases Direct Marketing Recommendation

Hunton Privacy

FEBRUARY 25, 2020

With this Recommendation, the Belgian DPA aims to clarify the complex rules relating to the processing of personal data for direct marketing purposes, including by providing practical examples and guidelines to the different stakeholders involved in direct marketing activities. Purchase , Rental and Enrichment of Personal Data.

Marketing

Marketing Personal data GDPR Communications

How to prepare for the California Consumer Privacy Act

Thales Cloud Protection & Licensing

AUGUST 15, 2019

For example, data collected by an entity may not be associated with an individual but could identify a household. Also, entities under the CCPA must post a “Do Not Sell My Personal Information” link on their websites allowing consumers to easily exercise their right of opting-out. (4)

Privacy

Privacy GDPR Digital transformation Sales

Update of Japan’s Privacy Law Approved by Cabinet

HL Chronicle of Data Protection

MARCH 31, 2020

On Tuesday, March 10, the Japanese Cabinet approved a bill to revise the Act on the Protection of Personal Information (“APPI”), which would require companies to take certain additional measures to protect personal data of data subjects. This may apply to, for example, data collected through Internet cookies.

Privacy

Privacy Personal data Big data Data collection

Not every DNS traffic spike is a DDoS attack

IBM Big Data Hub

FEBRUARY 6, 2024

Here are a few examples of what we’ve seen and heard from DNS Insights users: “We’re being DDoS-ed by our own equipment” A company with over 90,000 remote workers was experiencing an extraordinarily high percentage of NXDOMAIN responses. “Which IP has been causing those high QPS records?”

Data collection

Data collection Access IT Security

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

A data controller is any organization, group or person that obtains personal data and determines how it is used. Returning to a previous example, a company collecting phone numbers for marketing purposes would be a controller. Data processing is any action done to data, including collecting, storing or analyzing it.

GDPR

GDPR Compliance Personal data Privacy

Italian Garante Fines Telecom Company 27.8 Million Euros for Unlawful Marketing Practices

Hunton Privacy

FEBRUARY 4, 2020

Furthermore, TIM’s data breach management and data processing system management were also considered insufficient by the Garante, in light of the Privacy by Design principle of the EU General Data Protection Regulation. Order to implement appropriate measures to facilitate the exercise of data subjects rights.

Marketing

Marketing Communications Data collection Data breaches

CHINA: important new developments in PRC data privacy regulations

DLA Piper Privacy Matters

OCTOBER 31, 2019

staff, data subjects, business partners etc.). Promotion of online mechanisms for users to exercise data subject rights (deletion, de-registration, access, correction, revoke consent etc.). Clarity that data controllers are liable for their data processors’ acts and omissions.

Data Privacy

Data Privacy Privacy Data collection Data breaches

Navigating China: The digital journey

DLA Piper Privacy Matters

NOVEMBER 5, 2019

staff, data subjects, business partners etc.). Promotion of online mechanisms for users to exercise data subject rights (deletion, de-registration, access, correction, revoke consent etc.). Clarity that data controllers are liable for their data processors’ acts and omissions. avoid excessive data collection).

Data collection

Data collection Data breaches Privacy Information Security

Convenience and Catastrophes of Self-Collection

eDiscovery Daily

NOVEMBER 5, 2020

As the number of employees working remotely has dramatically increased during the COVID-19 Pandemic, attorneys are looking to alternative solutions for data collection amid challenges of reduced budgets and limited access to workplace assets and staff.

Metadata

Metadata Data collection Risk Access

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

It is worth noting that, among other things, the Garante pointed out that the information notice was not dated and that the personal data processed were listed only on a ‘by way of example’ basis. The Garante also assessed the infringement of Article 5(1)(e) with respect to the retention of personal data. Retention period.

Personal data

Personal data GDPR e-Delivery Communications

ENISA Publishes Report on the Right to Be Forgotten

Hunton Privacy

DECEMBER 4, 2012

The report complements two earlier papers which focused on data collection and storage and online behavioral advertising , and focuses on the technical implications of the proposed General Data Protection Regulation’s new right to be forgotten.

Personal data

Personal data Information Security Data collection Paper

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

verifying the data security measures implemented. The third step will be completed once organizations have implemented measures to protect data subjects concerned with their data processing activities and have identified those data processing activities that involve a privacy risk.

GDPR

GDPR Personal data Compliance Privacy

New Research Shows Why and How Zoom Could Become an Advertising Driven Business

John Battelle's Searchblog

APRIL 19, 2020

Until March of this year, Yuan was held up as an example of the best that global capitalism can offer – an ingenious immigrant who bootstrapped his way to America and leveraged hard work, smarts, and venture financing into a multi-billion dollar fortune. Figure 1 – Zoom’s Data Collection visualized.

Privacy

Privacy Data collection Marketing Communications

Article 29 Working Party Publishes Final Guidance on Data Protection Impact Assessments

Data Matters

OCTOBER 20, 2017

Systematic monitoring: for example an employee monitoring program. The risk is increased where: (i) the individual may not be aware who is collecting their data or how it will be used; or (ii) where it is difficult for the individual to avoid being subject to such processing if the monitoring is in a public space.

GDPR

GDPR Personal data Risk Data collection

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

Updating as needed additional categories of personal information to those enumerated in the bill in order to address changes in technology, data collection practices, obstacles to implementation, and privacy concerns. Code § 1798.185(a): Categories of Personal Information. Definition of Unique Identifiers. Exceptions.

Sales

Sales Privacy Data Privacy Compliance

Here’s the “eDisclosure” Systems Buyers Guide for 2019: eDiscovery Trends

eDiscovery Daily

MAY 5, 2019

Andrew says that Chapter 6 (the procurement Chapter) provides the “meat” of the document with example requirements for scanning, coding, data collection and litigation support services. So, for example, CloudNine (shameless plug warning!)

Data collection

Data collection Education Marketing IT

California Consumer Privacy Act: The Challenge Ahead – The Impact of the CCPA on Data-Driven Marketing and Business Models

HL Chronicle of Data Protection

NOVEMBER 30, 2018

For example, a website might only need 137 unique visitors from California per day to reach the threshold of 50,000 consumers. That website’s collection of data through cookies may be captured by the CCPA’s broad definition of personal information.

Marketing

Marketing Privacy Sales Compliance

Essential guidance for employers implementing COVID-19 measures at the workplace

Data Protection Report

SEPTEMBER 16, 2021

Examples of such additional costs include the costs of Stay-Home Notice accommodation that are incurred over and above those for vaccinated employees, the additional delays arising from prolonged SHN to be taken from existing leave entitlements etc.

Personal data

Personal data Data collection Risk Access

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

The terms “infer” and “inference” are defined as the derivation of information, data, assumptions or conclusions from facts, evidence or another source of information or data. As such, this could affect not only data used for profiling but the profiles derived as well. Right to Equal Service and Price.

GDPR

GDPR Privacy Sales Data breaches

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

These data subject rights are not new as similar rights were already in place before the GDPR in Europe (and most frequently exercised in the UK), but for organizations that are based outside the EU, this procedure may have been put in place for the first time and never put to test before. In principle, this is nothing new.

GDPR

GDPR Personal data Compliance Data breaches

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

The terms “infer” and “inference” are defined as the derivation of information, data, assumptions or conclusions from facts, evidence or another source of information or data. As such, this could affect not only data used for profiling but the profiles derived as well. Right to Equal Service and Price.

GDPR

GDPR Privacy Sales Data breaches

New China Guideline for Internet Personal Information Security Protection

Data Protection Report

DECEMBER 5, 2018

The MPS has long been involved in data security through its multi-level protection system under the Multi-Level Protection Measures, but it has not to date exercised a great deal of power over matters of personal information protection. The draft Guideline therefore represents the MPS’s most recent major foray into this area.

Information Security

Information Security Security Authentication Passwords

If I Go to a Protest, What Kinds of Personal Information Might Police Collect About Me? (important guest post)

Architect Security

SEPTEMBER 24, 2020

And when thousands of protesters are out on the street, the opportunity is ripe for law enforcement to not only surveil the scene but to collect personal information that it can then hold on to for a long time. We’ve seen examples here in the D.C. So your experience will depend on where you are.

Data collection

Data collection Paper Metadata Access

U.S. CLOUD Act and International Privacy

Data Protection Report

AUGUST 1, 2019

2523(b)(1)) Note that the Act expressly prohibits the executive agreement from creating “any obligation that providers be capable of decrypting data or limitation that prevents providers from decrypting data.” (18 The transfer of personal data is “necessary for the establishment, exercise or defence of legal claims.” (Art.

Cloud

Cloud Privacy e-Discovery Personal data

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

DECEMBER 19, 2017

I thought I'd check them out myself with my original plan being to read them and better understand what they were doing with people's data, until I discovered this: You need to absorb 21,498 words spread over 42 pages worth of Microsoft Word formatted document before using this service. Data Collection Should be Minimised, Not Maximisation.

Data breaches

Data breaches Personal data GDPR Data collection

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

DLA Piper Privacy Matters

NOVEMBER 19, 2018

In the continuity of this accompaniment, the CNIL published on November 6th 2018 its DPIA guidelines supplementing the G29 Working Party’s opinion on DPIA along with its DPIA list which gives concrete examples of data processing operations likely to result in a high risk. This concerns: Health data.

Data Privacy

Data Privacy IT GDPR Privacy

“Dark patterns?” EDPB draft guidance sets out its expectations on subliminal privacy eroding practices

Data Protection Report

MAY 3, 2022

The “dark patterns” highlighted in the Guidelines aim to influence users’ behaviour through content or visual presentation so that users make unintended and potentially harmful decisions regarding their personal data, for example, deciding to disclose more data than they otherwise planned or agreeing to limited protections of their data.

Privacy

Privacy IT GDPR Data collection

FTC Seeks Comments on Accountable Tech’s Petition for Rulemaking to Prohibit Surveillance Advertising

Hunton Privacy

JANUARY 6, 2022

In its petition, Accountable Tech cites President Biden’s Executive Order encouraging the FTC to use its rulemaking authority to establish rules that regulate “unfair data collection and surveillance practices that may damage competition, consumer autonomy, and consumer privacy.”

Marketing

Marketing Personal data Privacy Data collection

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Data Matters

OCTOBER 22, 2019

Of particular note, the regulations clarify that businesses generally do not have to provide notice “at or before the point of collection” if they are not collecting information directly from the consumer. This is the first introduction of a data collection prohibition in the CCPA. Right to Non-Discrimination.

Privacy

Privacy Sales Paper Compliance

One week into GDPR – what you need to know

Data Protection Report

JUNE 4, 2018

In statements, both companies defended their data collection practices, saying they fully complied with the new European regulations. In addition to these high-profile examples, we are aware that a number of data controllers saw a marked increase in requests from employees and customers seeking to exercise their new rights last week.

GDPR

GDPR Compliance Personal data Privacy

The path to embedded sustainability

IBM Big Data Hub

MARCH 26, 2024

How is sustainability managed—as an annual measuring exercise or an ongoing effort that supports business transformation? The study found companies were just “doing sustainability” or approaching sustainability as a compliance task or accounting exercise rather than a business transformation accelerator.

Energy and Utilities

Energy and Utilities Data collection Compliance Government

Sipping from the Coronavirus Domain Firehose

Krebs on Security

APRIL 16, 2020

“Looking at the data collected, the pattern of visits are highest on Monday and Friday, and the lowest visit count is on the weekend. Our data shows that there were virtually no customer hits on COVID-related domains prior to February 23.”

Phishing

Phishing Data collection Security Government

California Consumer Privacy Act: The Challenge Ahead — Data Mapping and the CCPA

HL Chronicle of Data Protection

SEPTEMBER 19, 2018

As part of our ongoing series on the CCPA and its implications, this post sets out key issues and questions to consider when contemplating a data mapping exercise. Mapping data accurately and efficiently can be challenging. But when done correctly, data mapping can deliver significant value. KEY DATA MAPPING QUESTIONS.

Privacy

Privacy Compliance GDPR Sales

California Privacy Protection Agency Officially Commences CPRA Rulemaking Process

Hunton Privacy

JULY 8, 2022

Below are key examples of topics the proposed regulations address. Data Minimization (Section 7002). Explicit consumer consent is required when a business uses PI for secondary purposes unrelated to, or incompatible with, the original purpose(s) at collection. Summary of Proposed Regulations.

Privacy

Privacy Sales Compliance Access

California Consumer Privacy Act: The Challenge Ahead – The CCPA’s Anti-Discrimination Clause

HL Chronicle of Data Protection

DECEMBER 12, 2018

Section 1798.125 of the CCPA prohibits a business from discriminating against California consumers for exercising certain rights under the law. d) suggesting that a consumer will receive a different price or quality of goods or services if the consumer exercises rights under the law. The Prohibition on Discrimination.

Privacy

Privacy Sales Compliance Data collection

California Consumer Privacy Act: The Challenge Ahead — Data Mapping and the CCPA

HL Chronicle of Data Protection

SEPTEMBER 19, 2018

As part of our ongoing series on the CCPA and its implications, this post sets out key issues and questions to consider when contemplating a data mapping exercise. Mapping data accurately and efficiently can be challenging. But when done correctly, data mapping can deliver significant value. KEY DATA MAPPING QUESTIONS.

Privacy

Privacy Compliance GDPR Sales

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

Data Protection Report

DECEMBER 17, 2020

The DGR provides for a specific category of data intermediaries focusing exclusively on personal data and seeks to enhance individual agency and the individuals’ control over the data pertaining to them. Encouraging data altruism. What are data altruism organizations permitted to do? Is consent required?

Government

Government Personal data GDPR Access

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

Most of that focus has centered on data collection, storage, sharing, and, in particular, third-party transactions in which customer information is harnessed for advertising purposes. Could a party, for instance, decline to produce, review, or even collect certain types of data due to privacy concerns?

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

INTERIM EDPB GUIDANCE ON THE APPLICATION OF GDPR TO HEALTH RESEARCH

DLA Piper Privacy Matters

FEBRUARY 24, 2021

Against the backdrop of the ongoing pandemic, the EU Commission has exercised its right under Article 70 of the GDPR to request written advice from the EDPB on a number of issues relating to the application of the GDPR to health research.

GDPR

GDPR Personal data Data collection Paper

Big California Privacy News: Legislative and Enforcement Updates

Colorado AG Publishes Draft Colorado Privacy Act Rules

Webinars

Trending Sources

Off to the Races: Comment Period for CPRA Proposed Regulations Begins

Webinars

ICO Releases COVID-19 Guidance for Re-Opening Workplaces

How to implement the General Data Protection Regulation (GDPR)

Belgian Data Protection Authority Releases Direct Marketing Recommendation

How to prepare for the California Consumer Privacy Act

Update of Japan’s Privacy Law Approved by Cabinet

Not every DNS traffic spike is a DDoS attack

GDPR compliance checklist

Italian Garante Fines Telecom Company 27.8 Million Euros for Unlawful Marketing Practices

CHINA: important new developments in PRC data privacy regulations

Navigating China: The digital journey

Convenience and Catastrophes of Self-Collection

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

ENISA Publishes Report on the Right to Be Forgotten

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

New Research Shows Why and How Zoom Could Become an Advertising Driven Business

Article 29 Working Party Publishes Final Guidance on Data Protection Impact Assessments

Takeaways From CCPA Public Forums

Here’s the “eDisclosure” Systems Buyers Guide for 2019: eDiscovery Trends

California Consumer Privacy Act: The Challenge Ahead – The Impact of the CCPA on Data-Driven Marketing and Business Models

Essential guidance for employers implementing COVID-19 measures at the workplace

California Enacts Broad Privacy Laws Modeled on GDPR

GDPR is upon us: are you ready for what comes next?

California Enacts Broad Privacy Protections Modeled on GDPR

New China Guideline for Internet Personal Information Security Protection

If I Go to a Protest, What Kinds of Personal Information Might Police Collect About Me? (important guest post)

U.S. CLOUD Act and International Privacy

Fixing Data Breaches Part 2: Data Ownership & Minimisation

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

“Dark patterns?” EDPB draft guidance sets out its expectations on subliminal privacy eroding practices

FTC Seeks Comments on Accountable Tech’s Petition for Rulemaking to Prohibit Surveillance Advertising

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

One week into GDPR – what you need to know

The path to embedded sustainability

Sipping from the Coronavirus Domain Firehose

California Consumer Privacy Act: The Challenge Ahead — Data Mapping and the CCPA

California Privacy Protection Agency Officially Commences CPRA Rulemaking Process

California Consumer Privacy Act: The Challenge Ahead – The CCPA’s Anti-Discrimination Clause

California Consumer Privacy Act: The Challenge Ahead — Data Mapping and the CCPA

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

The Burden of Privacy In Discovery

INTERIM EDPB GUIDANCE ON THE APPLICATION OF GDPR TO HEALTH RESEARCH

Stay Connected