Last month, Senators introduced two bills aimed at increasing privacy protections for consumers. The Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act would authorize the Federal Trade Commission (FTC) to promulgate regulations that improve consumer control over how data is collected and used. The second piece of legislation, known as the Social Media… Continue reading New Privacy Legislation Introduced in the U.S. Senate
Recently passed amendments to Oregon’s Consumer Identity Theft Protection Act take effect on June 2, 2018. One of the most significant changes requires notice to consumers, and to Oregon’s Attorney General if the breach impacts more than 250 consumers, “not later than 45 days after discovering or receiving notification of the breach of security.”… Continue reading Oregon’s New Breach Notification Deadline
One of the most talked-about provisions in the GDPR is a new 72-hour breach notification requirement. Article 33 of the GDPR mandates that “in the case of a personal data breach, data controllers shall without undue delay” notify the supervisory authority “not later than 72 hours after having become aware of” the breach. The Article… Continue reading 72-Hour Breach Notification Rule
The GDPR generally prohibits data transfers to non-EU countries unless the data can expect an “adequate level of protection” abroad. The GDPR provides various mechanisms for permitting data transfers and establishes a clear hierarchy among those mechanisms. The first is whether there is an adequate level of protection in place. If there is no adequate… Continue reading Cross-Border Transfers under the GDPR
Assuming your business activities fall within the territorial scope of the GDPR, you may be required to designate a Data Protection Officer (DPO). A DPO may be an employee or designated outside service provider who has expert knowledge of data protection law and practices. The DPO’s job is to inform and advise the company of… Continue reading Do You Need A DPO?
This month, Tracking Data will be covering the EU’s General Data Protection Regulation (GDPR), which was adopted on April 27, 2016 and goes into effect on May 25, 2018. The GDPR defines a broad set of rights and principles governing the protection of EU data subjects. These rights include the right to access one’s personal… Continue reading March Is GDPR Awareness Month
Last week the U.S. Securities and Exchange Commission (SEC) published new cybersecurity guidance for public companies. The guidance reinforces and expands upon a 2011 SEC publication, and highlights two additional topics: (1) the importance of robust cybersecurity disclosure policies and procedures and (2) the application of insider trading prohibitions in the cybersecurity context. Disclosure Controls and… Continue reading SEC Issues Interpretive Guidance on Cybersecurity Disclosures