California Privacy Rights Act

Why is the new noyb action against websites and data brokers regarding cookie-based authentication important for compliance with the new U.S. privacy laws?

Because they set out to equivocally confirm

Continue Reading To Best Comply With US Privacy Laws, It Can Be Helpful to Look to Europe

“The times they are a-changin’,” Bob Dylan sang almost 60 years ago. And when it comes to consumers’ reasonable expectations of privacy, they are still a-changin.

I recently participated in

Continue Reading US Privacy Laws and Legislation: What You Need to Know

The California Privacy Protection Agency (CPPA) has issued a Final Statement of Reasons for amended California Consumer Privacy (CCPA) regulations.

Key Points:

The amendments were “necessary” (used 135 times), just

Continue Reading CPPA Issues Final Statement of Reasons for Amended CCPA Regulations

If you are a GDPR-compliant company, does that mean you can start doing business in the United States with no additional thoughts about privacy?

As Simon Cowell says: “It’s a

Continue Reading What Does the EU-US “Draftequacy” Decision Mean for Companies Right Now?

You need a data retention plan. No really.

And not just in the European Union. In California too.

Commission Nationale de l’Informatique et des Libertés (CNIL) has fined messaging platform

Continue Reading Make Sure You Have a Good Data Retention Plan. You Need It.

For deidentification under the traditional laws like HIPAA, removal of identifiers qualifies.

That was a key facet of what I discussed last week on an anonymization panel during the IAPP

Continue Reading Deidentification vs Anonymization: What Is Enough?

Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian

Continue Reading Caveat Employer? In the EU and California, Employers Must Beware!