Perspective: The CCPA needs clarity; here's how

(Mar 22, 2019) Mary Stone Ross was one of the original proponents and co-authors of the California ballot initiative that eventually became the California Consumer Privacy Act. Like many other professionals in the privacy world, her path to privacy was not typical. She once worked as an officer at the U.S. Central Intelligence Agency and on the House Intelligence Committee. But it was her shared vision that helped lead to a paradigm-shifting privacy law in the U.S. However, as she points out in this post for P... Read More

Mary Stone Ross: The CCPA needs clarification

(Mar 22, 2019) My name is Mary Stone Ross. I was one of the original proponents and a co-author of the initiative that became the California Consumer Privacy Act, although I am no longer affiliated with Californians for Consumer Privacy. I do not have the typical privacy advocate background. Previously, I served as a Central Intelligence Agency officer and later as counsel on the House Intelligence Committee. In that role, one of our responsibilities was to provide oversight over another surveillance program ... Read More

DC attorney general proposes expansion of data breach notification law

(Mar 22, 2019) District of Columbia Attorney General Karl Racine released a proposal to expand the city’s data breach notification law to cover taxpayer identification numbers, genetic information, DNA profiles, military identification data and other types of information, Bloomberg Law reports. The Security Breach Protection Amendment Act would also give the attorney general’s office more enforcement authority over tech companies that fail to report data breaches. “Data breaches and identity theft continue to ... Read More

Lawmakers, advocates debate over Washington Privacy Act

(Mar 22, 2019) The debate over the strengths and weaknesses of the Washington Privacy Act has begun to swirl, Crosscut reports. Privacy advocates are concerned the state bill does not protect citizens on the level of the California Consumer Privacy Act and EU General Data Protection Regulation. Center for Democracy & Technology Policy Counsel Joseph Jerome, CIPP/US, expressed his issues with the bill’s take on de-identification, while others are wary of the involvement of tech companies in the creation of ... Read More

CIPL releases white paper on 10 principles for US privacy framework

(Mar 22, 2019) The Centre for Information Policy Leadership released a white paper titled the “Ten Principles for a Revised U.S. Privacy Framework,” according to a post from Hunton Andrews Kurth's Privacy & Information Security Law Blog. The CIPL offers the principles it believes should be implemented into a federal privacy framework to protect consumers and ensure the responsible use of information. The group’s principles for a U.S. framework focus on accountability, innovative and contextual transparency... Read More

UCLA Health reaches $7.5M data breach settlement

(Mar 22, 2019) HealthITSecurity reports that UCLA Health has reached a $7.5 million settlement over its May 2015 health data breach. The settlement will be divided between providing $2 million toward unreimbursed loss and preventative measure claims, while the remaining $5.5 million will fund a cybersecurity enhancement fund. As part of the settlement, UCLA Health will update its cybersecurity practices and policies, and the 4.5 million current and former patients affected by the breach can receive up to $5,00... Read More

Recapping the EDPB's GDPR enforcement overview

(Mar 22, 2019) Last month, the European Data Protection Board released its first overview of the implementation and enforcement of the General Data Protection Regulation and the roles and means of the national supervisory authorities. The report indicates that the GDPR cooperation and consistency mechanisms are working quite well in practice due to the EDPB and national supervisory authorities’ ongoing efforts to facilitate collaboration and communication. Graham Blyth, CIPP/US, recaps the EDPB release in this... Read More

Saskatchewan privacy commissioner advises ministry to manage backup tapes

(Mar 22, 2019) The Office of the Saskatchewan Information and Privacy Commissioner has advised the Ministry of Central Services to create a plan to manage the thousands of backup tapes government agencies have used to copy information, Saskatoon StarPhoenix reports. The privacy commissioner’s report centers on the “critical data” Central Services placed on the backup tapes, as well as an assessment of how the Freedom of Information and Protection of Privacy Act applies to the information. Saskatchewan Informat... Read More

Australia pairs new data protection guidelines with current laws

(Mar 21, 2019) Government agencies in Australia don’t expect to see updated data protection legislation by May’s federal elections, but the Morrison government is bridging the gap, The Mandarin reports. Human Services and Digital Transformation Minister Michael Keenan has released interim guidance for federal agencies from the Office of the National Data Commissioner. The Sharing Data Safely guidelines work with current privacy legislation and operate without the force of law. Keenan notes the data each agency... Read More

Malaysian government reviewing PDPA

(Mar 21, 2019) Malaysiakini reports the Personal Data Protection Department of Malaysia’s Communications and Multimedia Ministry is reviewing the country’s Personal Data Protection Act, which places further responsibilities and requirements on businesses as it relates to the personal data of their employees, suppliers and customers. According to Minister Gobind Singh Deo, the review focuses on “the need for effective and efficient implementation of the PDPA.” The evaluation aims to update the act and streamlin... Read More