Depiction of cyber network around America, lock in the middle of the country, with California Consumer Privacy Act written on side.

Implementing California Consumer Privacy Act (CCPA): Part 1

This is the first in a series of posts about the implementation of the California Consumer Privacy Act (CCPA).

As someone who works in cybersecurity and privacy and who lives in California, I’ve been closely tracking CCPA since it was passed. The state statute, protecting consumers’ rights to access, request deletion of, and opt out of the sale of their personal information, went live in January. At the time, I conducted what I thought of as an initial experiment, to see what would happen when I requested my own data—which companies were prepared to send it, how much they would send, and how promptly they would respond. I approached Verizon, Facebook, Comcast, Google, LinkedIn, Ring, Amazon, YouTube, and Intuit, as well as some data brokers that are registered with the state, among others. 

Continue Reading

FCC’s Privacy Protections for Telecommunications Carriers

A Q&A with Sara Hutchins Jodka of McDonald Hopkins

The Federal Communications Commission alerted telecommunications and interconnected VolP service providers that the annual privacy certification for Customer Proprietary Network Information (CPNI) was due on March 1, 2016, and also warned that similar obligations would soon be required of broadband providers. I spoke with Sara Hutchins Jodka, senior counsel at McDonald Hopkins, about the implications for the telecommunications industry, and what companies can do to shore up their privacy protections.

Continue Reading

What Does the Neiman Marcus Ruling Mean for Data Security Law?

A Q&A with Ben Barnow of Barnow Associates PC
The decision in the recent Neiman Marcus case was a game changer for the swiftly evolving legal climate around data breach events. By establishing the theory of “likely future fraud or injury” the court recognized that plaintiffs no longer have to prove the “impending certainty” of potential injury (as was previously established by the 2013 decision in Clapper v. Amnesty International). To find out more about its impact we talked to Ben Barnow of Barnow Associates PC.

Continue Reading

Recent Developments in Canadian Privacy and Cybersecurity Law

Q&A with Alex Cameron
In Canada, litigation and regulatory activity regarding privacy and data breaches have increased dramatically. I spoke with Alex Cameron of Fasken Martineau, a leading attorney in this area in Canada, about the factors contributing to the increasing risk and potential liability for organizations doing business in Canada. With the recent landmark changes to Canadian privacy law, discussed here, including mandatory breach notification, record keeping for all breaches, and fines, the trends identified below are sure to continue.

Continue Reading

Data Breach Events: A Plaintiff Perspective

Email Computer Key For Emailing Or ContactingA Q&A with John Yanchunis of Morgan & Morgan
The legal landscape around data loss is rapidly evolving, and with major events such as the Anthem breach changing the game on a daily basis, it can be a challenge to keep up with the courts’ current thinking. I spoke with plaintiff attorney John Yanchunis of Morgan & Morgan about some of the most recent developments he’s observed.

Continue Reading

Digging Into the President’s Data Breach Notification Bill

Personal Data & Protection ActA Q&A with Dominic Paluzzi McDonald Hopkins
In late January 2015, the White House introduced the Personal Data Notification and Protection Act (PDNPA), a data breach notification bill, intended to improve national cybersecurity. I asked attorney and breach coach Dominic Paluzzi of McDonald Hopkins about how this bill differs from the existing laws and its potential implications for risk managers.

Continue Reading

Microsoft on the Frontier for Legal Privacy Protections

Privacy button on keyboardA Q&A with Geff Brown of Microsoft
“Privacy is without a doubt the most exciting area of the law to be involved in right now,” says Geff Brown, assistant general counsel in regulatory affairs at Microsoft. I asked him about the current legal climate for consumers and tech companies around privacy issues and what Microsoft is doing to proactively protect user information.

Continue Reading

The Right to Be Forgotten: Complying with New European Privacy Law

EuropeCyberA Q&A with Claire Bernier, Bersay & associés
Part of the future General Data Protection Regulation currently under discussion between European State Members, Europe’s Right to be Forgotten regulation will apply to any company that does business in the European Union (EU). I asked Paris-based attorney Claire Bernier of Bersay & Associés about this pending law and what implications it might have for organizations around the world.

Continue Reading

No more posts.