Why Organizations Need to Start Implementing Data Minimization

When the European Union (EU) enacted the General Data Protection Regulation (GDPR) on May 2, 2018, the world was introduced to the concept of data minimization. According to Article 5 of the GDPR, data minimization means “personal data shall be…

PIPL

China’s Personal Information Protection Law: Key Takeaways

On August 20, 2021, China’s first comprehensive Personal Information Protection Law (“PIPL”) was passed into law. The Cybersecurity Law, the Data Security Law, and the PIPL of China are the three pillars of China’s data protection framework, which govern cybersecurity, data security, and personal information protection respectively. The Cybersecurity Law largely governs cybersecurity requirements for Critical Information Infrastructure operators…
UK

UK Proposes Reforms to Data Protection Laws

On 10 September 2021, the UK Government’s Department for Digital, Culture, Media, and Sport (DCMS) published its long-awaited proposals for reform of the country’s data protection laws. The consultation paper includes a detailed and comprehensive set of suggested amendments to the UK GDPR, Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR), with…
Cookies

French Regulator Cracks Down on Cookies

In June, the CNIL–France’s regulatory body for data privacy and protection–issued notices of noncompliance to approximately 40 companies that had failed to align with the CNIL’s guidelines on cookies, which were adopted October 1, 2020. In a follow-up report issued this week, September 14, the CNIL reported that 80 percent of noncompliant companies have since…
Privacy Law

Colorado Privacy Act: Another Piece to the Data Privacy Puzzle

Introduction: Privacy laws have entered the compliance world by storm and are quickly changing data privacy practices. The most recent state, Colorado, passed the Colorado Privacy Act (CPA) into law on July 7, 2021. This new act follows California’s Consumer Privacy Act (CCPA) but calls out several additional rights, actions, and policies. The CPA pulls…
Cybersecurity

The 3 Biggest Mistakes the Board can Make around Cybersecurity

Although the topic of cybersecurity is now definitely on the board’s agenda in most organizations, it is rarely a fixed item. More often than not, it makes appearances at the request of the Audit & Risk Committee or after a question from a non-executive director, or – worse – in response to a security incident…
Securities Exchange Commission

Switzerland and United Kingdom Issue Guidance for Data Transfers to SEC 

Businesses and organizations registered with the U.S. Securities and Exchange Commission are often required to share personally identifiable information (PII) with the regulatory body. But for entities that have operations outside of the U.S., complying with SEC requests has created a legal conundrum since the European Court of Justice’s Schrems 2.0 ruling–which invalidated the EU-U.S.…
Consumer Data

Deleting Data: A Guide

Of the many consumer rights established by the ever-expanding crop of data privacy legislation, the right to deletion is one of the ones you’ll see the most. Although different laws may have slightly different variations of the right, the general sentiment remains consistent – consumers have the right to have their personal data deleted from…