Tag Archives: GDPR

ECJ Invalidated the EU-US Privacy Shield Framework

On July 7, the Court of Justice of the European Union (ECJ) invalidated the EU-US Privacy Shield framework in its ruling in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case C-311/18). More than 5,000 organizations in the United States have certified their adherence to this framework, and have relied on it to receive personal data from organizations in the EU in compliance with the General Data Protection Regulation (GDPR) since 2016. The framework was a joint effort between the US Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. The Department of Commerce released the following statement:

Read full article

Harden Your Organization’s Domain Name System (DNS) Security To Protect Against Damaging Data Loss and Insider Threat

The importance of the Domain Name System (DNS) to your organization’s cybersecurity cannot be understated. Communications between computers on the Internet depend on DNS to get to their intended destination. Network communications begin with a query to DNS to resolve the human readable domain name to a numeric Internet Protocol (IP) address required by computers to route the transmission. A malicious party who is able to exploit a weakness in DNS can re-route sensitive traffic, including Protected Health Information (PHI), Personally Identifiable Information (PII) and other valuable information from the intended recipient to the malicious actor. Indeed, as recent attacks on DNS indicate, even encrypting the communication may not be an effective countermeasure because the transmission can be decrypted after interception. Malicious employees and other insiders may also abuse DNS as a side channel to covertly exfiltrate the organization’s most sensitive proprietary information avoiding Data Loss Prevention (DLP) countermeasures that may operate at different layers of the communication process. The recent attacks reported by the Department of Homeland Security reinforce the need to protect DNS functionality as a fundamental component of your organization’s overall cybersecurity and compliance strategy.

Read more

Read full article

Washington State Considers Comprehensive Data Privacy Act to Protect Personal Information

Washington State is considering sweeping legislation (SB 5376) to govern the security and privacy of personal data similar to the requirements of the European Union’s General Data Protection Regulation (“GDPR”). Under the proposed legislation, Washington residents will gain comprehensive rights in their personal data. Residents will have the right, subject to certain exceptions, to request that data errors be corrected, to withdraw consent to continued processing and to deletion of their data. Residents may require an organization to confirm whether it is processing their personal information and to receive a copy of their personal data in electronic form.

Read more

Read full article

Take 5 Newsletter – The Present-Future of Work: 2018 Trends and 2019 Predictions

There is a visceral and palpable dynamic emerging in global workplaces: tension.

Tension between what is potentially knowable—and what is actually known.   Tension between the present and the future state of work.  Tension between what was, is, and what might become (and when).  Tension between the nature, function, and limits of data and technology.

Read more

Read full article

Data breaches and the GDPR – the new frontier of privacy regulation in Australia

In Australia, as well as internationally, this year has brought significant developments in the area of privacy regulation that may affect your business. Two areas of privacy compliance in particular that Australian businesses need to understand and respond to are:

Read more

Read full article

How Will the New California Consumer Privacy Act of 2018 Will Affect Your Business?

On June 28, 2018, California legislated into law A.B. 375, otherwise known as the California Consumer Privacy Act of 2018 (“California Privacy Act”).  Effective January 1, 2020, among other requirements, the law will expand privacy rights of California consumers as well as require businesses to disclose the what, why, and how consumers’ personal information are being used.  Failure to comply with these new laws could be costly to businesses with civil penalties resulting from an action by the state attorney general of up to $7,500 per violation.  In addition, in the event of a breach of personal information, the California Privacy Act provides consumers with statutory damages of no less than $100 and no more than $750 per consumer per incident, or actual damages, whichever is greater.  Therefore, the California Privacy Act will have a significant impact on businesses, including the healthcare sector.

Read more

Read full article
ILN Today Post

NEWS FLASH – GDPR

Dear All, 

The European Data Protection Board (hereinafter “EDPB”) is a key player in data protection and privacy.

Read more

Read full article
ILN Today Post

GDPR is coming – Is your business prepared?

Christine N. Czuprynski, a Detroit attorney in the firm’s national Data Privacy and Cybersecurity Practice Group, sits down with host Mike Witzke to discuss GDPR, the European Union’s new data protection regulation, which takes effect on May 25, 2018. Christine informs listeners why U.S. businesses must have the GDPR on their radar and steps they can take to prepare to be compliant.

Read more

Read full article

The GDPR Soon Will Go Into Effect, and U.S. Companies Have to Prepare

The European Union’s (“EU’s”) General Data Protection Regulations (“GDPR”) go into effect on May 25, 2018, and they clearly apply to U.S. companies doing business in Europe or offering goods and services online that EU residents can purchase. Given that many U.S. companies, particularly in the health care space, increasingly are establishing operations and commercial relationships outside the United States generally, and in Europe particularly, many may be asking questions akin to the following recent inquiries that I have fielded concerning the reach of the GDPR:

Read more

Read full article
ILN Today Post

Digital Media, Technology & Privacy Alert >> With GDPR Deadline Looming, Ad Tech Community Proposes Collaborative Industry Solution

With only a few months to go before the European Union’s General Data Protection Regulation becomes enforceable, the Interactive Advertising Bureau’s Technology Laboratory (IAB Tech Lab) has published an advisory that seeks to explain how ad tech companies can comply with the new rules through a collaborative information sharing process.

Read more

Read full article