Tag Archives: privacy

New requirements for Singapore banks to include provisions in service contracts on protection of customer data

On 4 November 2019, Singapore’s Parliament published a draft amendment to the Banking Act. Under the amendment, all banks will be required to evaluate the ability of their service providers (whether these be a branch or office, or an external party) to: (a) safeguard the confidentiality and integrity, and ensure the availability, of the banks’ … Continue Reading

Updated draft of ePrivacy Regulation – Finnish presidency of the Council of the EU aims for final text by the end of the year

The Finnish presidency of the Council of the EU (Finnish Presidency) released an updated draft of the Regulation on Privacy and Electronic Communications (ePrivacy Regulation) on October 30, 2019 (available here). The Working Party on Telecommunications and Information Society (WP TELE) will discuss the new draft at its meeting on November 7, 2019. Amendments put … Continue Reading

ICO blogs on AI and data subject rights

On 15 October 2019, the Information Commissioner’s Office (ICO) released the latest in its series of blogs on developing its framework for auditing artificial intelligence (AI). The blog (here) focuses on AI systems and how data subjects can exercise their rights of access, rectification and erasure in relation to such systems. Below, we summarise some … Continue Reading

At odds no more: can regulatory collaboration bring innovation and data privacy closer together?

In July 2019, the UK’s Financial Conduct Authority (FCA) held a week-long Global Anti-Money Laundering and Financial Crime TechSprint (FCA TechSprint) event. The FCA TechSprint looked at ways to effectively combat financial crime and money laundering within the financial services industry. On 16 October 2019, the Information Commissioner’s Office (ICO) released a blog (here) that … Continue Reading

Courts continue to consider intersection of Fourth Amendment and technology: without a warrant, retrieval of car’s electronic data unconstitutional, but surveillance on hunting property permissible

The Fourth Amendment has received significant attention in recent court rulings involving surveillance, electronic data retrieval, and other types of technology. Two rulings issued on October 21, 2019 demonstrate how difficult it can be to anticipate the outcome of Fourth Amendment disputes relating to technology. In one, the Georgia Supreme Court found the warrantless search … Continue Reading

California attorney general issues draft CCPA regulations

On October 10, 2019, California Attorney General Xavier Becerra issued proposed regulations implementing and interpreting the California Consumer Privacy Act (CCPA). The draft regulations address privacy policies, consumer notices, practices for handling consumer requests, ways to verify consumer requests, requirements regarding minors, and rules governing nondiscrimination practices. The regulations are currently in draft form, with … Continue Reading

With latest lawsuit, New York attorney general continues to demand cybersecurity compliance

In a continued pursuit for cybersecurity compliance, New York Attorney General (AG) Letitia James has sued Dunkin’ Brands, Inc. (franchisor of Dunkin’ Donuts) over two data breaches in 2015 and 2018, accusing the company of mishandling a series of cyberattacks that together compromised more than 320,000 customer accounts. In the complaint filed last week, AG … Continue Reading

A new California privacy initiative seeks to further bolster individual privacy rights

Another potentially groundbreaking California ballot initiative has been announced, just as companies began to digest and incorporate the amendments to the California Consumer Privacy Act (CCPA) into their compliance plans and learned the draft CCPA regulations will be issued by the California Attorney General in October. Last week, the primary advocate for and co-architect of … Continue Reading

Artificial intelligence: ICO considers security risks and the need for a new legal framework

On 12 September 2019, the Committee of Ministers of the Council of Europe announced that an Ad hoc Committee on Artificial Intelligence (CAHAI) will be set up to consider the feasibility of a legal framework for the development, design and application of Artificial intelligence (AI). On the same day, the United Kingdom’s data protection supervisory … Continue Reading

Last minute amendments likely finalize CCPA language for January 1 deadline.

Late last week, the California legislature approved five bills intended to clarify the scope and required compliance obligations of the California Consumer Privacy Act (CCPA or the Act). Organizations now have just over three months to determine whether they need to comply with the newly amended CCPA, assess what their obligations are, and implement the … Continue Reading

Update on ePrivacy Regulation: “Current draft does not guarantee high level of protection and cannot be supported”, German government states

In its response dated 3 July 2019 (Response; file no. 19/11351, available in German here) to an inquiry by members of the German parliament (Inquiry), the German government took stand on the current draft Regulation on Privacy and Electronic Communications (ePrivacy Regulation), and particularly on “tracking”. The German government summarises its assessment of the ePrivacy … Continue Reading

The facial scan that launched a thousand laws: biometric privacy legislation trend continues to grow nationwide

Many states are following in the footsteps of Illinois’ Biometric Information Privacy Act (BIPA), a law that has led to an increase in the volume of class action privacy litigation and highlighted the importance of enterprise-level management of biometric data (e.g., fingerprint, voiceprint, and retina, facial, or iris image). Organizations that collect and use biometric … Continue Reading

Privacy and data protection: What you need to know in case of a no-deal Brexit

The UK’s new prime minister, Boris Johnson, has vowed that the UK will leave the EU on October 31, 2019. A unilateral (or “hard”) Brexit poses many privacy and data protection challenges for companies that operate in the UK.  Post-Brexit privacy and data protection issues that you need to consider include: how to maintain uninterrupted … Continue Reading

New York enacts new security and identity theft protection laws in response to recent data breaches

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act (S.5575B/A.5635), which significantly increases obligations for businesses handling private data to notify affected consumers upon experiencing a security breach. Additionally, Governor Cuomo signed the Identity Theft Prevention and Mitigating Services Act (A.2374/S.3582), requiring … Continue Reading

$5 billion Federal Trade Commission settlement with Facebook represents largest privacy enforcement penalty ever

The Federal Trade Commission’s (FTC) recent $5 billion settlement with Facebook is unprecedented in multiple respects: The $5 billion penalty represents the largest privacy and data security settlement in history – it is almost 20 times larger than the recent Equifax Inc. settlement and dwarfs recent EU data protection enforcement actions. As part of the … Continue Reading

Equifax agrees to enhanced security and privacy measures and will pay states and the Consumer Financial Protection Bureau at least $575 million to resolve multistate investigation of 2017 data breach.

The recently announced multistate settlement between credit reporting company Equifax Inc. and the Attorneys General of 48 states, Puerto Rico, and the District of Columbia (the AGs) demonstrates the increasingly active role of state regulators in policing the privacy and security practices of businesses that handle consumers’ personal information. The multistate settlement is part of … Continue Reading

U.S. Chamber of Commerce assembles key stakeholders to discuss data privacy

The U.S. Chamber of Commerce (the “Chamber”) recently hosted a data privacy summit, “#DataDoneRight”, which brought together a group of industry professionals, government stakeholders, and privacy thought leaders to talk about data privacy. The Chamber, which has proposed federal privacy legislation, engaged a wide variety of speakers, covering multiple viewpoints, to demonstrate the need for … Continue Reading

GA AG Carr talks data privacy at U.S. Chamber of Commerce

The U.S. Chamber of Commerce last week gathered a diverse, bipartisan group of policymakers, regulators, industry representatives and thought leaders to discuss all things data privacy at #DataDoneRight, its 2019 privacy summit. Topics included the California Consumer Privacy Act, the possibility of federal privacy legislation and working with privacy regulators, and the summit featured a … Continue Reading

State AGs continue to consider new ways to protect data privacy

As states’ “top cops,” one of the primary responsibilities of state attorneys general (AGs) is consumer protection, and more and more AGs are focusing on how to protect consumer data privacy. Discussions at the recent Conference of Western Attorneys General (“CWAG”) Annual Meeting in Santa Barbara reflect this focus and demonstrate that state enforcers are … Continue Reading

Nevada and Oregon expand their data privacy laws

May was a busy month for state privacy law updates and amendments. In addition to amendments made by Texas to its breach notification law, both Oregon and Nevada expanded their privacy-related laws this month, while Illinois’s CCPA-like law failed to pass after a variety of amendments related to whether the law would allow for a … Continue Reading

FTC and DC Attorney General’s office discuss federal and state privacy trends at Reed Smith

On May 21, 2019, representatives of the Federal Trade Commission (FTC) and the Office of DC Attorney General (AG) Karl Racine visited Reed Smith to discuss data privacy trends to watch at the federal and state level. In an IAPP KnowledgeNet presentation moderated by Reed Smith partner Divonne Smoyer, Maneesha Mithal (associate director of the … Continue Reading

New OCR fact sheet clarifies HIPAA liability for business associates

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a fact sheet clarifying violations of HIPAA (Health Insurance Portability and Accountability Act of 1996) for which a business associate can be held directly liable. The fact sheet outlines 10 specific circumstances for which OCR has authority to take enforcement … Continue Reading

Data portability and other initiatives introduced in Singapore to promote innovation and strengthen accountability

On May 22, 2019, Singapore’s Personal Data Protection Commission introduced three new initiatives: a)   A public consultation on data portability. The corresponding consultation paper also proposes to introduce data innovation provisions as part of the ongoing review of the Personal Data Protection Act (PDPA). The consultation is open for six weeks and will close on … Continue Reading

California lawmakers propose new CCPA amendments that address major concerns of the business community while preserving the privacy law

Last week, the California Assembly’s Committee on Privacy and Consumer Protection, which exercises jurisdiction over privacy and personal information protection matters, approved several amendment bills intended to clarify and narrow the scope of the California Consumer Privacy Act (CCPA or the Act). In January 2020, the CCPA will impose landmark burdens and obligations on businesses … Continue Reading
LexBlog