China set to expand data localization and security review requirements

(Apr 25, 2017) A draft regulation released on April 11, by the Cyberspace Administration of China could have a significant effect on foreign companies with operations in China that store or transfer data overseas. The draft rules, entitled the Measures for the Security Assessment of Personal Information and Critical Data Leaving the Country, are intended to assist in the implementation of China’s new Cybersecurity Law, which takes effect on June 1. The draft security measures appear to expand the scope of Ch... Read More

Prudence the Privacy Pro Vol. 4, No. 4

(Apr 24, 2017) Think robo-calling is in your company's future? Well Prudence and Opt-Out have a not-so-subtle reminder for you U.S. businesses. If you would like to download a high-resolution pdf to print and hang somewhere in your office, click here. ... Read More

Privacy Bar attendees meet George Jepsen

(Apr 24, 2017) “Call me soft-hearted, but my definition of harm goes well beyond the purely financial.” Such was the kind of candid talk elicited from Connecticut Attorney General George Jepsen as part of a wide-ranging keynote conversation Friday at the second-annual IAPP Privacy Bar Section Forum in Washington. Jepsen’s conversational partner, Maryland law professor Danielle Citron, recently published a piece in the Notre Dame Law Review examining “The Privacy Policymaking of State Attorneys General,” and ... Read More

Roundup: India, Australia, US and more

(Apr 24, 2017) India’s attorney general says the government is mulling over a comprehensive data protection law expected to be released by August. Australia’s metadata-retention law has hit the end of its implementation period with critics continuing to say it misses the point. In the U.S., at least 10 states are considering bills prohibiting ISPs, and in some cases other internet companies, from selling customer data — with one city council passing a resolution in the same vein. New Mexico became the 48th sta... Read More

Global News Roundup — April 17 - 24, 2017

(Apr 24, 2017) India’s attorney general says the government is mulling over a comprehensive data protection law expected to be released by August. Australia’s metadata-retention law has hit the end of its implementation period with critics continuing to say it misses the point. In the U.S., at least 10 states are considering bills prohibiting ISPs, and in some cases other internet companies, to sell customer data — with one city council passing a resolution in the same vein. New Mexico became the 48th state wi... Read More

NY Supreme Court rules organ donor records not liable to HIPAA

(Apr 21, 2017) The New York Supreme Court has ruled patient records from the New York Organ Donor Network are not liable to HIPAA regulations, HealthITSecurity reports. A former official from the network had claimed they were because four patients had not been declared legally dead before their organs were harvested. Plaintiff Patrick McMahon also argued he had been fired for whistleblowing on the incidents. Manhattan Supreme Court Justice Arlene Bluth ruled the network is not a HIPAA covered entity and, hence... Read More

Va. updates breach notification law for payroll data

(Apr 21, 2017) Virginia recently updated its data breach notification law to require notification when payroll data is compromised, HealthITSecurity reports. The amendment applies to employers or payroll service providers when there is unauthorized access and personal information is acquired, including unencrypted data containing taxpayer identification numbers in combination with income tax withholding information. The amendment also stated: "Good faith acquisition of personal information by an employee or ag... Read More

Class-action filed against encryption app used by White House officials

(Apr 21, 2017) Reuters reports encryption messaging app Confide faces a privacy class-action because it allegedly does not meet its own promises to maintain the confidentiality of users' messages. Confide, which is said to be used by White House officials, cannot assure users of the "unequivocal confidentiality" it advertises because messages can be captured by a screen shot and do not self-destruct after being read. Plaintiff Jeremy Auman said he paid a subscription to the company because it promised "message... Read More

Edelson announces three new privacy lawsuits

(Apr 20, 2017) If you ask Jay Edelson, he'll tell you things are about to get significantly better for class-action litigants on the plaintiffs' side. He sees a shift in the way courts are willing or not willing to handle settlements. He's feeling good enough about the future of such cases, in fact, that he announced Wednesday three new filings on behalf of Edelson PC, his Chicago-based law firm, recently put forth or with plans to officially file, including one against Bose, for sharing its consumers' listeni... Read More

A regulatory update on contractual clauses and Privacy Shield

(Apr 20, 2017) Just weeks after the Irish High Court heard arguments from select parties in a case that could affect the future of private trans-Atlantic data flows, Irish Data Protection Commissioner Helen Dixon shared her thoughts about the case and questions the court must consider. "These hearings were positive," she said during a panel session at the IAPP Global Privacy Summit in Washington. "It was an extremely comprehensive hearing on complex issues. This wasn't a case where the judge will rush to judge... Read More