General Privacy & Data Security News & Developments

Constantine Karbaliotis and Abigail Dubiniecki write on the topic of what Canadian companies should do after Schrems II:

  • If you are processing data as controller, or as a processor for a client with European Union personal data, and relying on onward transfers, first do a risk assessment; and then assuming the risks are addressable, put

EUobserver prints an op-ed on SchremsII:

“With this decision, Europe is sliding toward a system of data localisation in which European data must stay in Europe. Big companies can likely bear the cost of creating redundant data systems in Europe, and for cloud computing providers that already have data centres in Europe…this decision could bring

Massachusetts Attorney General Maura Healey announced the creation of the Data Privacy and Security Division within her office to protect consumers from the surge of threats to the privacy and security of their data in an ever-changing digital economy.

AG Healey has also named Sara Cable as Chief of the new Data Privacy and Security

The National Security Administration issued a white paper on location data:

  • Using a mobile device — even powering it on — exposes location data.
  • Cellular providers and commercially available rogue base stations receive real-time location information.
  • Location data is stored on the mobile device.
  • Websites use browser fingerprinting to harvest location information, and WiFi access

The Data Protection Authority for the Rhineland-Palatinate in Germany suggests there is a need for legislation limiting the use of contact tracing data.

Anyone sitting in the beer garden should not later be questioned by the police with respect to an administrative offense or minor damage to property based on the fact that their name

Canada’s privacy regulator is admitting the government’s contract tracing app can’t provide a 100% guarantee of anonymity.

“True anonymity, technically speaking, would require the complete and permanent impossibility of reversing the data processes at play, which could reveal sources of personal information and so re-identify individuals,” says Vito Pilieci, spokesman for Canada Privacy Commissioner Daniel

The Electronic Privacy Information Center has asked U.S. Senate Committee on Commerce, Science, and Transportation to establish an independent Data Protection Agency in the United States.

Key points from the EPIC letter:
  • Many of the privacy bills before this Committee propose an expansion of the Federal Trade Commission’s (FTC) authority. But before giving more authority

Senators Jeff Merkley (D-Oregon) and Bernie Sanders (I-Vermont) introduced the “National Biometric Information Privacy Act of 2020,” a bill that would prohibit private companies from collecting or profiting from  biometric data — including eye scans, voiceprints, faceprints and fingerprints — without consumers’ and employees’ consent.

The legislation limits the ability of companies to collect, buy,

New Zealand’s Government Cyber Security Centre has issued a guide on incident response, laying out key steps designed to help business leaders and cybersecurity professionals strengthen their organizations’ ability to manage and respond to cybersecurity incidents.

The guide lists five incident management steps:

  • Define Roles and Responsibilities
  • Identify Threats and Assets
  • Have a Plan
  • Logging,

Oklahoma representatives Josh West (R-Grove) and Collin Wake (D-Oklahoma City) announced on Monday an interim study on the issue of internet data privacy.

“The framers of the Constitution knew the risk to individual freedom if privacy was not protected against governmental interference, which is why they created the Fourth Amendment,” says West.

“For the first