General Privacy & Data Security News & Developments

The United Kingdom’s Information Commissioner’s Office has issued guidance for public consultation on cross-border transfers of personal data from the UK to third countries without an adequacy decision, replacing the old Standard Contractual Clauses (SCCs) which are currently in use for such transfers.

According to the ICO press release, “the new guidance has been designed

Move over sobriety checkpoints. Soon your vehicle may actually include technology that keeps people from driving impaired.

The U.S. Congress is working on a $78 billion surface transportation bill as part of the larger $1 trillion infrastructure package. The bipartisan bill includes a significant safety provision that will aim to reduce the number of impaired

What are practical lessons learned from the $85 million Zoom settlement?

  • You can have big ticket enforcement dollars even without GDPR or CCPA.
  • When you integrate a third party feature – including via a Software Development Kit (SDK) that shares information with a third party and especially when that third party can use the information

New York City has passed a bill limiting data sharing by food delivery apps and food service establishments.

What does that mean?

Here are some key takeaways:

  • A third-party food delivery service may not share customer data applicable to an online order if such customer requests that such data not be shared in relation to

We are back in the US federal privacy bill game!

Sen. Roger Wicker, a Mississippi Republican, has re-introduced the “Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act,” also known as the “SAFE DATA Act.”

Here are some key takeaways:

  • Employee and publicly available data are excluded
  • The concept of “sensitive covered

I had the pleasure of speaking recently with Jamal Ahmed on the PrivacyPros Podcast about privacy enforcement and privacy career trends.

Among the questions I tried to address:

  • What does the new Network Advertising Initiative (NAI) and its opt outs of hashed email targeted advertising mean?
  • Why should everyone read George Orwell’s “1984” and Carol

Federal Trade Commission authority boost?

H.R. 2668 – The Consumer Protection and Recovery Act – has passed in the U.S. House of Representatives.

The bill amends the Federal Trade Commission Act to provide the FTC with explicit authority to require bad actors to return money earned through illegal activity and to seek both injunctive

The Ohio Personal Privacy Act, also known as House Bill 376, is being considered in the Buckeye State.

Here are a few takeaways:

  • Enforcement by Attorney General only
  • Affirmative defense for companies that maintain and comply with a written privacy program that reasonably conforms with the NIST Privacy Framework.
  • “Business” include non-profits
  • Similar to Virginia

“Nothing ever happens in privacy, the team will manage itself”

This statement, which did not survive the test of time, was shared by one of the privacy pros who  participated in this month’s International Association of Privacy Professionals’ Women Leading Privacy networking session. I co-lead the session.

Some pet peeves/needs in leadership that we discussed

As always, it was great fun speaking with Future of Privacy Forum’s lovely and knowledgeable mobility guru Chelsey Colbert during Part 2 of OneTrust DataGuidance’s connected vehicles and data protection presentation.

Here are some takeaways from our chat:

  • In the Cold War spy series “The Americans,” characters kept changing their route to and from their