Data Protection Law Compliance

The Federal Trade Commission (FTC) has entered into a settlement with a provider of management software for car dealerships that held personal information, including SSN’s and payroll information, in cleartext, holding its practices to be in violation of the FTC Act’s prohibition against unfair practices and GLBA’s Safeguards Rule, which requires financial institutions to develop,

The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR.

Key takeaways:

  • Data minimization:
    • Collect only the information you need. If you only need name, identification code, bank account number, currency, balance, purpose of

Privacy compliance as a competitive differentiator: 97% of 3,200 companies surveyed say they are receiving auxiliary benefits today from their data privacy investments, beyond just meeting compliance requirements.

Benefits cited include:

  • greater agility and innovation
  • competitive advantage versus competition
  • operational efficiency
  • investor appeal
  • less costly data breaches
  • for companies that had undergone GDPR compliance work,

The Illinois Supreme Court’s Ruling

On January 25, 2019, the Illinois Supreme Court issued its long awaited opinion in Rosenbach v. Six Flags Entertainment Corp, ruling that the Illinois Biometric Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) does not require an actual injury for a plaintiff to be considered “aggrieved” under the Act. The

Keep your passwords close…and complex, and encrypted and unique, and ever-changing.

In the wake of recent data breaches involving passwords, the French data protection authority, the CNIL, has published guidelines for adequate passwords.

Some highlights include:

  • If you use a password as your sole method of authentication, it needs to be at least 12 characters

Don’t store users’ passwords in cleartext. Really.

It’s not a good idea. Also, it may be deemed a ‘knowing violation’ of the EU General Data Protection Regulation (GDPR) requirement to adequately protect personal data.

That is one key takeaway from the GDPR enforcement action by the State Commissioner for Data Protection and Freedom of Information

Enforcement actions under the EU General Data Protection Regulation (GDPR) are coming to a theater near you in 2019.

At the IAPP Data Protection Congress, CNIL Director of Rights Protection and Sanctions Directorate Mathias Moulin, warns that the time for the GDPR’s transition “is coming to an end,” and that it’s “time for action” and

Registration for the Privacy Summit is open.

Fox Rothschild’s Minneapolis Privacy Summit on November 8 will explore key cybersecurity issues and compliance questions facing company decision-makers. This free event will feature an impressive array of panelists drawn from cybersecurity leaders in major industries, experienced regulatory and compliance professionals and the Chief

Jeffrey L. Widman writes:

Fingerprint scanner, illustrating concept of biometricsIn 2008, the Illinois legislature enacted the Illinois Biometric Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) to provide standards of conduct for private entities in connection with the collection and possession of “biometric identifiers and information.” BIPA regulates the collection, use, safeguarding, handling, storage, retention and destruction of such biometric

Data-rich companies like Facebook have a unique opportunity to capitalize on the recent surge in regulatory scrutiny and turn it to their advantage.

Savvy tech companies are attuned to public opinion and won’t allow others to control the narrative. They are already taking steps to regain the upper hand in the privacy debate.

Facebook demonstrated