Is Traceability a Privacy Concern? Dissecting the India-WhatsApp Feud

Earlier this year, India’s Ministry of Electronics & IT (MEITY) announced new guidelines for popular social media companies such as Facebook, Twitter, and Google. The new policy dictates, among other things, that the companies will be required to acknowledge and comply with India’s takedown requests of “unlawful, misinformation, and violent content within 24 hours.” India…

Read more

Swipe on, Swipe off: Key Fobs are Gathering Your Data and How the New York Tenant Data Privacy Act Looks to Help

A New York City law will regulate how landlords may gather and use their tenants’ data. This law is the first of its kind to create duties and responsibilities for building owners in how they must manage data and information gathered through smart access devices. Convenience vs Privacy In the ongoing tug-of-war between personal convenience…

Read more
Data minimization

More Data, More Problems:Why Data Minimization should be a first step before De-identification,Anonymization or similar methods.

Data minimization can shrink a company’s data footprint which lessens the impact of a data breach on businesses and consumers alike. Data minimization is a practice business must put in place, even if they are already using another strategy to prevent identification of stored personal data. Minimization is more than a best practice; it is a standard that allows companies to show due diligence and a commitment to protecting consumer data.

Read more
Data Governanace and minimization

The Barbarians Are Already though the Gate: Why Data Governance and Data Minimization are necessary to protect consumer data

The Colonial Pipeline ransomware attack, the Solarwinds Breach, and other recent attacks have made one thing abundantly clear; threats from malware, ransomware, and phishing are an inevitability. So long as hackers can make money from cyber attacks, there will be a palpable threat to every company, school, and government system. The response to cyber attacks…

Read more

Action or No Action: Data Privacy “Private Right of Action” Debate in Washington and Florida, Explained

For the third year in a row Washington’s State Legislature has failed to pass a comprehensive consumer data privacy law. During this year’s legislative session, versions of the Washington Privacy Act were finally passed in both the house and the senate. As in 2019 and 2020, however, these bills failed to become law after the…

Read more

How Accurate Is Your Record of Processing Activities (RoPA)? The First Step for Your Data Privacy Program, Explained

Article 30, on Processing Record keeping, is one of the most important GDPR obligations companies need to understand. Article 30 requires companies to keep a detailed record of all activities related to the processing of personal data, also known as a Record of Processing Activities (RoPA). While a RoPA is only required under GDPR, it…

Read more

Are fines enough? FTC Disgorgement penalties for privacy violations, explained

On January 11, 2021 the Federal Trade Commission (FTC) issued a Consent Order that has major implications for data privacy enforcement. In the Matter of Everalbum, Inc. involved misrepresentations made by operators of a photo storage application. After an FTC investigation, the agency and Everalbum came to an agreement which would require deletion of misused…

Read more

Virginia is for Privacy Lovers: Comparing Virginia’s CDPA to California’s CCPA

In the absence of comprehensive federal legislation on the topic, states have taken it upon themselves to protect consumer’s information in our increasingly data driven world. On February 5, 2021, the Virginia Senate passed the Virginia Consumer Data Protection Act (“CDPA”). If signed by Governor Northam, CDPA would be the second comprehensive state-level consumer data…

Read more

The Kids Are (Not) Alright in Pandemic: Children’s Online Privacy under COPPA, FERPA, and More

The Kids Are (Not) Alright in Pandemic: Children’s Online Privacy under COPPA, FERPA, and MoreChildren born in the 21st Century have never experienced a world without the internet. The world wide web is ubiquitous in most young people’s lives. Ninety-two percent of US children now have an online presence before they turn 2 years old.…

Read more
Storage Wars: The Pros and Cons of Data Localization

Storage Wars: The Pros and Cons of Data Localization/Nationalization

Countries are pushing towards data localization to protect their citizens’ data in the connected world. Also known as data nationalization, the interest stems from countries wanting to ensure the cybersecurity and privacy of their citizens’ personal information from global companies and foreign governments, especially adversaries. Nations seek to establish virtual borders and retain legal control…

Read more

Staying in the Clear: Employee and B2B Data Obligations in CCPA

Focus and Context The California Consumer Privacy Act (“CCPA”) and the potential amendment California Privacy Rights Act (“CPRA”) are consumer-focused legislations. CCPA provides for two exemptions, one for employee personal information and another for business-to-business organizations (“B2B exemption”) thus, leaving holes to be filled by a future employee and B2B focused legislation. The exemptions were…

Read more

NYCRR 500: New York’s Cybersecurity Requirements for Financial Services

  Introduction In the aftermath of the multiple data breaches, the New York Department of Financial Services (DFS) created 23 NYCRR 500 establishing cybersecurity requirements for financial services companies. Effective March 1, 2017, this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities. The…

Read more

Delaware Insurance Data Security Act Summary

Delaware’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Delaware to follow new data security and notification requirements. This article summarizes Delaware’s adaptation of the NAIC Insurance Data Security Model Law. Mission: To protect Delaware residents and insurance companies licensed to do business in Delaware from data breaches. The law requires…

Read more

Indiana Insurance Data Security Amendment to State Insurance Code

Effective July 1, Indiana added a new section to the Indiana Insurance Code (the “Act”) that covers Insurance Data Security. The changes require all regulated insurance companies licensed in Indiana to follow new data security and notification requirements. This article summarizes Indiana’s adaptation of the NAIC Insurance Data Security Model Law into the state insurance code.…

Read more

Virginia Insurance Data Security Act Summary

  Effective July 1, Virginia’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Virginia to follow new data security and notification requirements. This article summarizes Virginia’s adaptation of the NAIC Insurance Data Security Model Law. Basic Requirements: Maintain the security of information systems and non-public information Promptly Investigate cybersecurity events Notify Individuals of cybersecurity events Notify the Commissioner of…

Read more

Fill out the form below to download our Data Sheet and Data Minimization Article