General Privacy & Data Security News & Developments

Senate Bill 8450C, or An Act to Amend the Public Health Law in relation to the Confidentiality of Contact Tracing Information, passed the New York State Senate and Assembly and will be delivered to the governor’s office for signature.

The bill requires that information collected for COVID-19 contact tracing be kept confidential and not be

The New York State Senate has approved a measure that would protect the privacy of contact tracing data.

“The NY state Senate approved a measure (S.8450C/A.10500C) that would keep contact tracing information confidential and ensure it is only used for tracing efforts.”

“All private contractors hired for contact tracing would be required to

“The United States shares the values of rule of law and protection of our democracies with our partners in the European Union (EU). Therefore, we are deeply disappointed that the Court of Justice of the European Union (ECJ) has invalidated the EU-U.S. Privacy Shield framework,” said U.S. Secretary of State Mike Pompeo.

“The United States

Commentors on the final California Consumer Privacy Act regulation queried: “Are session cookies a “unique personal identifier?”

The California Attorney General replied: Maybe, depending on the context.

  • A “unique personal identifier” is a persistent identifier that can be used to recognize a consumer.
  • If a session cookie cannot be used to recognize a consumer, family

Commenters to the final California Consumer Privacy Act (CCPA) regulations asked if it is possible to provide information about, and access to the “Do not Sell” link and/or opt out opportunity in the privacy notice?

The California Attorney General’s answer: No.

  • The notice of right to opt out is a separate obligation from the CCPA’s

Commenters on the final California Consumer Privacy Act (CCPA) regulations asked if a company gives you a product without charge but in consideration for your information,  could that still be deemed a financial incentive requiring the company to calculate and disclose the value of the consumer’s data?

The California Attorney General’s answer: Yes.

  • If you

Comments to the final California Consumer Privacy Act regulations asked how franchisor/franchisee compliance with CCPA works?

  • Does CCPA apply to the franchisee for collecting data on behalf of the franchisor?
  • How is the franchisor supposed to calculate its revenues for the purpose of the $25 million applicability threshold?
The California Attorney General Responded:
  •  The regulation

Compliance takeaways from the International Association of Privacy Professionals (IAPP) California Consumer Privacy Act (CCPA) Enforcement Keynote Session:

  • It is important for businesses to understand the law. It is complex and has many nuances.
  • Your customers are looking, your competitors, your employees are looking, and the CA AG is looking at the private class actions

Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data Protection Regulation (GDPR).

This means:
  • TLS (transport layer encryption) at minimum
  • Additional measures like end-to-end encryption and qualified transport encryption