IAPP Westin Research Center

(Aug 22, 2016) If a tree falls in the woods and there’s no one around to hear it, does it make a sound? According to the Federal Trade Commission, yes it does. In its recent LabMD ruling, the FTC found that the mere fact that sensitive medical records were publicly available, without any evidence that consumers suffered any adverse effects or were even aware of the breach, was enough to support a finding of substantial consumer injury. In so finding, the LabMD decision offers the most detailed portrait yet of ... Read More

(Apr 19, 2016) The General Data Protection Regulation (GDPR) will come into effect in the spring of 2018, replacing the Data Protection Directive 95/46/EC and imposing new obligations on organizations that process the personal data of European Union residents. While the Regulation aims to bolster privacy rights, it arrives as a centerpiece of the EU Digital Single Market, an initiative designed to boost digital innovation within the EU. By harmonizing privacy legislation across the EU member states and carvin... Read More

(Mar 23, 2016) The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive 95/46/ec effective May 25, 2018. The GDPR is directly applicable in each member state and will lead to a greater degree of data protection harmonization across EU nations. Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-com... Read More

(Mar 7, 2016) The European Commission recently released details of the new Privacy Shield framework designed to heighten protections for transferring European Union residents’ personal data to the U.S. Although its approval faces procedural hurdles, Privacy Shield could provide a much-needed solution for organizations seeking to respond to Safe Harbor’s invalidation. At more than 130 pages, the Privacy Shield package is dense, and potentially daunting. But never fear, we here at the Westin Research Center hav... Read More

(Feb 24, 2016) The new General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive 95/46/ec effective May 25, 2018. The GDPR is directly applicable in each member state and will lead to a greater degree of data protection harmonization across EU nations. Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non... Read More

(Feb 12, 2016) The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive 95/46/ec effective May 25, 2018. The GDPR is directly applicable in each member state and will lead to a greater degree of data protection harmonization across EU nations. Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-com... Read More