Electronic Data Security

The Canadian Office of the Privacy Commissioner has issued a “consultation on cross border transfers,” detailing its policy and seeking comments from stakeholders.

Key points on which consultation is sought:

  • Individuals would reasonably expect to be notified if their information was to be disclosed outside of Canada and be subject to the legal regime of

Despite their distrust in tech giants and lack of confidence in their privacy practices, people aren’t likely to go out of their way to safeguard their information, shows a survey of nearly 4,000 people across generations.

Per the survey:

  • 33 percent of respondents claim to read end user license agreements
  • 66 percent either skim through

Changes to the Safeguards Rule and the Privacy Rule applicable to financial institutions under the Gramm Leach Bliley Act are in the works.

The FTC is proposing changes to the Safeguards Rule to add more detailed requirements for what should be included in the comprehensive information security program mandated by the Rule. This will include:

Under a proposed amendment to the California Consumer Privacy Act (CCPA) filed Feb. 22, companies that amass user data could be the target of class-action litigation from state consumers if they’re accused of violating the CCPA.

This expands the existing private right of action under CCPA which currently applies only to data breaches. Other proposals

Several initiatives signal big changes for the regulation of privacy in China in 2019 reports the International Association of Privacy Professionals (IAPP).

  • End of bundled consent: Controllers are required to provide a privacy notice in intelligible, clear and concise wording and to obtain freely given consent from data subjects. The bundled consent, or “take-it-or-leave-it”

Sorta, kinda, immutable.

Turns out the blockchain CAN get hacked, and changed.

In the blockchain, a miner who somehow gains control of a majority of the network’s mining power (a so-called “51% attack”) can defraud other users by sending them payments and then creating an alternative version of the blockchain in which the payments never

Privacy compliance as a competitive differentiator: 97% of 3,200 companies surveyed say they are receiving auxiliary benefits today from their data privacy investments, beyond just meeting compliance requirements.

Benefits cited include:

  • greater agility and innovation
  • competitive advantage versus competition
  • operational efficiency
  • investor appeal
  • less costly data breaches
  • for companies that had undergone GDPR compliance work,

Data privacy bills are pending in at least eight states, reports Sara Merken at Bloomberg Law.

State lawmakers are aiming to give citizens more control over their personal data. Some of the bills largely follow the lead of California, whose Consumer Privacy Act takes effect Jan. 1, 2020. Others are more narrowly focused on

Data rights > data ownership?

That’s the position taken by Privacy International in its response to the recent editorial by artist wil.i.am in The Economist which called for tech giants to pay individuals for their data:

  • Data rights offer a system of control and protection that is much more comprehensive than ownership, and these rights