General Privacy & Data Security News & Developments

Canada’s Office of the Privacy Commissioner weighs in on data processing under COVID-19:

“There are some circumstances under which organizations may collect, use or disclose personal information without consent, including:

  • Collection in the interests of the individual and consent cannot be obtained in a timely way, e.g. critical illness.
  • Collection and use for making a

Coronavirus and Data Protection: New York Department of Financial Services had extended the deadline for compliance with its cybersecurity requirements.

  • The Superintendent of Financial Services of the State of New York recognizes that COVID-19 may present compliance challenges for certain regulated entities and persons in meeting their legal obligations.
  • Therefore the deadline for submission of

Iceland’s data protection authority offers advice on GDPR compliance during the COVID-19 outbreak.

Key takeaways

  • Information that a person is quarantined is generally not considered to be sensitive personal information, but it is appropriate to pay particular attention to the principles of the Data Protection Act on data minimization and fairness.
  • Maintain only the minimum

First privacy, then profit.

“[B]usinesses are beginning to recognize that they must reform their operations to prioritize data trust by centralizing consumer privacy, data evaluations and the risks of compromising breaches. According to a recently released PwC Digital Trust Insights survey, 60% of American businesses would sacrifice profit to strengthen their privacy protections. Companies that

“The U.S. must embrace technology such as artificial intelligence to improve the provision and efficiency of government services to the American people and ensure its application shows due respect for our Nation’s values, including privacy, civil rights, and civil liberties.” says the White House Office of Science and Technology Policy in its inaugural report on

“Data synthesis is an emerging privacy-enhancing technology that can enable access to realistic data, which is information that may be synthetic, but has the properties of an original dataset. It also simultaneously ensures that such information can be used and disclosed with reduced obligations under contemporary privacy statutes. Synthetic data retains the statistical properties of

Don’t miss our annual Privacy Summit, scheduled for April 16. This information-packed, daylong event will bring you fully up to date on the latest, emerging issues in cybersecurity and data privacy.  The program kicks off with keynote speaker Leslie Ireland — former Assistant Secretary for Intelligence and Analysis, U.S. Department of the Treasury, and National

If it’s not broker(ed) why fix it?

A new data broker bill has been submitted to the Washington State House of Representatives, following in the footsteps of Vermont and California.

Per the bill, a broker will be required to register in a central registry and indicate:
  • Name and address
  • If it permits an opt out

Bang for your privacy compliance spend buck.

For every $1 an organization spends on privacy compliance, they receive a $2.70 return on investment, finds a recent survey conducted by Cisco.

The study also found that the more mature privacy programs were seeing much better ROI. Companies that had scores above four on a scale of