2023 has seen a flurry of general state privacy laws, with twelve (12) such laws now on the books. The next one to “go live,” on December 31, 2023, is the Utah Consumer Privacy Act (UCPA). With no general federal privacy law in sight, the state privacy landscape continues to get more crowded and challenging
Regulators
A New Consumer Personal Data Protection Law in Oregon
Q&A about the new Oregon consumer personal data protection law.
Digital Transformation – Regulator Issues $80 Million Penalty for Not Doing It Right
Digital transformation refers to the process of leveraging technology, people and processes to innovate or stay competitive. The main driver of this process is often data. For a vivid illustration, see Data Never Sleeps, an infographic released by Domo, a leading business analytics company.
While executing digital transformation the right way can lead to…
Anthem Pays OCR $16 Million in Record-Breaking HIPAA Data Breach Settlement
The Office of Civil Rights (OCR) announced in a press release this week that Anthem, Inc. (Anthem), one of the nation’s largest health benefit companies, has agreed to pay $16 million and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. This settlement…
France – CNIL
France’s Commission Nationale de l’Informatique et des Libertés (“CNIL”) provides great tools and resources as well.
- CNIL recently updated its Privacy Impact Assessment (PIA) Guides, which include application to connected objects, methodology, template and knowledge bases.
- CNIL also recently updated its PIA software tool in four languages that companies can use for compliance.
- CNIL provides…
Germany – BfDI
Germany’s Bundesbeauftragte für den Datenschutz und die Informationsfreiheit published the Federal Data Protection Act to adapt GDPR. Germany provided some extensive guidance on GDPR here. Germany also publishes the standard data protection model, SDPM, in English on its site. Also available from the site are guidance materials about GDPR from the German Data…
UK ICO
The United Kingdom’s Information Commissioner’s Office (“ICO”) is a great resource for companies looking for clear DPA guidance. The ICO has provided a Guide to the GDPR, which is very targeted and comprehensive, as well as resources for organizations, including several guides. Getting Ready For GDPR Resources is a nice package of information prepared by…
Article 29 Working Party
The European Commission – Data Protection links to the Article 29 Working Party Guidelines which supplement our understanding of GDPR:
- Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01)
- Guidelines on Personal data breach notification under Regulation 2016/679 (wp250rev.01)
- Guidelines on the application and setting of administrative fines (wp253). In…
European Commission – Data Protection
The European Commission – Data Protection provides links to EC data protection policies, information and services. The Commission provides the official GDPR text in multiple languages, describes the European Data Protection Board and its responsibilities, provides detailed guidance and resources on data transfers outside the EU, and some focused discussion of the changes to…
CNIL’s GUIDANCE FOR PROCESSORS – ANSWERS TO YOUR MOST PRESSING QUESTIONS
See European Regulation on the Protection of Personal Data Guide Sub-Contractor Edition, September 2017.
- Are you a contractor within the meaning of European Regulation on data protection?
- Are you subject to EU regulation on data protection?
- What is the main change introduced by the European regulation for contractors?
- What are your obligations as of…
PIAs & DETERMINATION OF RISK UNDER GDPR – THE LATEST:
The Article 29 Working Party updated the Guidelines on PIAs and evaluation of risk guidance on October 4, 2017:
CNIL created a PIA Infography to outline the main principles. Keep…