“Sorry, We Don’t Accept MasterCard Here” India’s Ban On Credit Card Companies Over Data Localization

A two-horse buggy is pulling the movement for data localization. The first horse is a need for national privacy and security; the second horse is data monetization. With large-scale data breaches filling the newsfeed, people have become concerned about their data getting into the hands of the wrong people. Data localization can help countries and companies secure and protect collected data as localization allows for easier data monitoring. The other side of the coin is commerce from data sales. Data brokers generate revenue from the sale of personal information, and data localization can be a method for countries and companies to regulate who has access to their data and prevent people from selling the data. As countries start to require data localization, companies must be mindful of the practice and how to implement it, or possibly face a ban.


A Privacy Guide for Businesses to Comply with Singapore’s Personal Data Protection Act (PDPA)

Singapore’s Personal Data Protection Act (PDPA) regulates the collection, use, and disclosure of personal data. Personal data under the PDPA is data, whether true or not, that can be used to identify an individual. The PDPA creates rights for individuals in the handling of their personal information while also requiring organizations to safeguard the data…


Privacy Beyond Compliance: A Business Driver to Gain Consumer Trust and Increase Sales

“Organizations with more mature privacy practices are getting higher business benefits than average and are much better equipped to handle new and evolving privacy regulations around the world” – Cisco Consumer Privacy Survey, 2021

Data is the new gold rush, but not at the cost of consumer privacy

The greatest modern commodity is no longer…


A Quick Guide To Consumer Privacy Laws (CCPA/CDPA/CPA) and HIPAA Exemptions For Healthcare Providers

Primer on U.S. Healthcare Laws: HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect individuals’ medical records and other personal health information. HIPAA lays out the appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of…


Is Traceability a Privacy Concern? Dissecting the India-WhatsApp Feud

Earlier this year, India’s Ministry of Electronics & IT (MEITY) announced new guidelines for popular social media companies such as Facebook, Twitter, and Google. The new policy dictates, among other things, that the companies will be required to acknowledge and comply with India’s takedown requests of “unlawful, misinformation, and violent content within 24 hours.” India…


Swipe on, Swipe off: Key Fobs are Gathering Your Data and How the New York Tenant Data Privacy Act Looks to Help

A New York City law will regulate how landlords may gather and use their tenants’ data. This law is the first of its kind to create duties and responsibilities for building owners in how they must manage data and information gathered through smart access devices.

Convenience vs Privacy

In the ongoing tug-of-war between personal convenience…


More Data, More Problems: Why Data Minimization Should Be a First Step Before De-identification, Anonymization or Similar Methods

Data minimization can shrink a company’s data footprint, which lessens the impact of a data breach on businesses and consumers alike. Data minimization is a practice businesses must put in place, even if they are already using another strategy to prevent identification of stored personal data. Minimization is more than a best practice; it is a standard that allows companies to show due diligence and a commitment to protecting consumer data.


The Barbarians are Already Through the Gate: Why Data Governance and Data Minimization are Necessary to Protect Consumer Data

The Colonial Pipeline ransomware attack, the SolarWinds breach, and other recent attacks have made one thing abundantly clear: threats from malware, ransomware, and phishing are an inevitability. So long as hackers can make money from cyber attacks, there will be a palpable threat to every company, school, and government system. The response to cyber attacks…


Action or No Action: Data Privacy “Private Right of Action” Debate in Washington and Florida, Explained

For the third year in a row, Washington’s State Legislature has failed to pass a comprehensive consumer data privacy law. During this year’s legislative session, versions of the Washington Privacy Act were finally passed in both the House and the Senate. As in 2019 and 2020, however, these bills failed to become law after the…


How Accurate Is Your Record of Processing Activities (RoPA)? The First Step for Your Data Privacy Program, Explained

Article 30, on Processing Record keeping, is one of the most important GDPR obligations companies need to understand. Article 30 requires companies to keep a detailed record of all activities related to the processing of personal data, also known as a Record of Processing Activities (RoPA). While a RoPA is only required under GDPR, it…


Are fines enough? FTC Disgorgement penalties for privacy violations, explained

On January 11, 2021, the Federal Trade Commission (FTC) issued a Consent Order that has major implications for data privacy enforcement. In the Matter of Everalbum, Inc. involved misrepresentations made by operators of a photo storage application. After an FTC investigation, the agency and Everalbum came to an agreement which would require deletion of misused…


Virginia is for Privacy Lovers: Comparing Virginia’s CDPA to California’s CCPA

In the absence of comprehensive federal legislation on the topic, states have taken it upon themselves to protect consumers’ information in our increasingly data-driven world. On February 5, 2021, the Virginia Senate passed the Virginia Consumer Data Protection Act (“CDPA”). If signed by Governor Northam, CDPA would be the second comprehensive state-level consumer data…


The Kids Are (Not) Alright in Pandemic: Children’s Online Privacy under COPPA, FERPA, and More

Children born in the 21st century have never experienced a world without the internet. The World Wide Web is ubiquitous in most young people’s lives. Ninety-two percent of US children now have an online presence before they turn 2 years old.…


Storage Wars: The Pros and Cons of Data Localization/Nationalization

Countries are pushing towards data localization to protect their citizens’ data in the connected world. Also known as data nationalization, the interest stems from countries wanting to ensure the cybersecurity and privacy of their citizens’ personal information from global companies and foreign governments, especially adversaries. Nations seek to establish virtual borders and retain legal control…


Staying in the Clear: Employee and B2B Data Obligations in CCPA

Focus and Context: The California Consumer Privacy Act (“CCPA”) and the potential amendment California Privacy Rights Act (“CPRA”) are consumer-focused pieces of legislation. CCPA provides for two exemptions, one for employee personal information and another for business-to-business organizations (“B2B exemption”), thus leaving holes to be filled by future employee- and B2B-focused legislation. The exemptions were…


NYCRR 500: New York’s Cybersecurity Requirements for Financial Services

Introduction: In the aftermath of the multiple data breaches, the New York Department of Financial Services (DFS) created 23 NYCRR 500 establishing cybersecurity requirements for financial services companies. Effective March 1, 2017, this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities. The…


Delaware Insurance Data Security Act Summary

Delaware’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Delaware to follow new data security and notification requirements. This article summarizes Delaware’s adaptation of the NAIC Insurance Data Security Model Law. Mission: To protect Delaware residents and insurance companies licensed to do business in Delaware from data breaches. The law requires…


Indiana Insurance Data Security Amendment to State Insurance Code

Effective July 1, Indiana added a new section to the Indiana Insurance Code (the “Act”) that covers Insurance Data Security. The changes require all regulated insurance companies licensed in Indiana to follow new data security and notification requirements. This article summarizes Indiana’s adaptation of the NAIC Insurance Data Security Model Law into the state insurance code.…


Virginia Insurance Data Security Act Summary

Effective July 1, Virginia’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Virginia to follow new data security and notification requirements. This article summarizes Virginia’s adaptation of the NAIC Insurance Data Security Model Law. Basic requirements: maintain the security of information systems and non-public information; promptly investigate cybersecurity events; notify individuals of cybersecurity events; notify the Commissioner of…
