Perspective: The CCPA needs clarity; here's how

(Mar 22, 2019) Mary Stone Ross was one of the original proponents and co-authors of the California ballot initiative that eventually became the California Consumer Privacy Act. Like many other professionals in the privacy world, her path to privacy was not typical. She once worked as an officer at the U.S. Central Intelligence Agency and on the House Intelligence Committee. But it was her shared vision that helped lead to a paradigm-shifting privacy law in the U.S. However, as she points out in this post for P... Read More

Mary Stone Ross: The CCPA needs clarification

(Mar 22, 2019) My name is Mary Stone Ross. I was one of the original proponents and a co-author of the initiative that became the California Consumer Privacy Act, although I am no longer affiliated with Californians for Consumer Privacy. I do not have the typical privacy advocate background. Previously, I served as a Central Intelligence Agency officer and later as counsel on the House Intelligence Committee. In that role, one of our responsibilities was to provide oversight over another surveillance program ... Read More

DC attorney general proposes expansion of data breach notification law

(Mar 22, 2019) District of Columbia Attorney General Karl Racine released a proposal to expand the city’s data breach notification law to cover taxpayer identification numbers, genetic information, DNA profiles, military identification data and other types of information, Bloomberg Law reports. The Security Breach Protection Amendment Act would also give the attorney general’s office more enforcement authority over tech companies that fail to report data breaches. “Data breaches and identity theft continue to ... Read More

Lawmakers, advocates debate over Washington Privacy Act

(Mar 22, 2019) The debate over the strengths and weaknesses of the Washington Privacy Act has begun to swirl, Crosscut reports. Privacy advocates are concerned the state bill does not protect citizens on the level of the California Consumer Privacy Act and EU General Data Protection Regulation. Center for Democracy & Technology Policy Counsel Joseph Jerome, CIPP/US, expressed his issues with the bill’s take on de-identification, while others are wary of the involvement of tech companies in the creation of ... Read More

CIPL releases white paper on 10 principles for US privacy framework

(Mar 22, 2019) The Centre for Information Policy Leadership released a white paper titled the “Ten Principles for a Revised U.S. Privacy Framework,” according to a post from Hunton Andrews Kurth's Privacy & Information Security Law Blog. The CIPL offers the principles it believes should be implemented into a federal privacy framework to protect consumers and ensure the responsible use of information. The group’s principles for a U.S. framework focus on accountability, innovative and contextual transparency... Read More

Infographic: Data protection and transfers if 'no-deal' Brexit

(Mar 22, 2019) With the U.K. expected to leave the EU imminently, organizations must plan now for data governance within the U.K. and for data transfers into and out of other jurisdictions. To help, the IAPP has created an infographic to assist privacy pros unsure of their obligations to learn more about where to focus efforts and resources in the case of a “no-deal” Brexit. Full Story ... Read More

Recapping the EDPB's GDPR enforcement overview

(Mar 22, 2019) Last month, the European Data Protection Board released its first overview of the implementation and enforcement of the General Data Protection Regulation and the roles and means of the national supervisory authorities. The report indicates that the GDPR cooperation and consistency mechanisms are working quite well in practice due to the EDPB and national supervisory authorities’ ongoing efforts to facilitate collaboration and communication. Graham Blyth, CIPP/US, recaps the EDPB release in this... Read More

Saskatchewan privacy commissioner advises ministry to manage backup tapes

(Mar 22, 2019) The Office of the Saskatchewan Information and Privacy Commissioner has advised the Ministry of Central Services to create a plan to manage the thousands of backup tapes government agencies have used to copy information, Saskatoon StarPhoenix reports. The privacy commissioner’s report centers on the “critical data” Central Services placed on the backup tapes, as well as an assessment of how the Freedom of Information and Protection of Privacy Act applies to the information. Saskatchewan Informat... Read More

Quebec privacy law remains intact despite Concordia harassment allegations

(Mar 22, 2019) Following sexual harassment claims against Concordia University professors, Quebec's Education Ministry will uphold a provision in Bill 151 that prohibits accusers from learning the outcome of investigations into the allegations due to privacy and confidentiality considerations, CBC News reports. After the allegations surfaced, Concordia produced a "climate review" where it recommended students should be allowed to know what happens to their alleged harassers. Former Education Minister Hélène Da... Read More

Data breach notification and data portability expected for future PDPA amendments

(Mar 21, 2019) Sidley Austin Partner Yuet Ming Tham reports on important changes to Singapore’s Data Privacy Regime. With the Personal Data Protection Commission issuing a statement confirming its intent to introduce mandatory data breach notification requirements and a discussion paper on the benefits of data portability, both are expected to be introduced in future Personal Data Protection Act amendments. The notification mandate would require organizations to notify affected individuals and the PDPC when a ... Read More