The Electronic Privacy Information Center has asked U.S. Senate Committee on Commerce, Science, and Transportation to establish an independent Data Protection Agency in the United States.

Key points from the EPIC letter:
  • Many of the privacy bills before this Committee propose an expansion of the Federal Trade Commission’s (FTC) authority. But before giving more authority

I was lucky enough to participate in an excellent panel of healthcare professionals discussing how COVID-19 has impacted medical technology, methods of treatment and research, and patient privacy rights. If you are concerned with contract tracing applications, or what governments, employers, or private companies may be doing with data from contact tracing applications, we also had a terrific discussion on those topics.
Continue Reading Villanovans in Healthcare VIRTUAL Spring Speaker Series – DATA PRIVACY AND DIGITAL TRANSFORMATION

First privacy, then profit.

“[B]usinesses are beginning to recognize that they must reform their operations to prioritize data trust by centralizing consumer privacy, data evaluations and the risks of compromising breaches. According to a recently released PwC Digital Trust Insights survey, 60% of American businesses would sacrifice profit to strengthen their privacy protections. Companies that

It’s not a sprint. It’s a marathon.

“That is the crux of the problem with compliance: Privacy requires business commitment as data travels and accumulates. Keeping track of data, wherever it migrates to, will keep companies compliant — not a privacy policy hidden at the bottom of a website.”

“Whether in a cut-and-paste scenario or

“Learning from recent breaches and the need for a greater understanding of privacy in the enterprise, it’s time for companies to take a new, proactive approach to data management. Making data privacy decisions in a silo is no longer enough. Organizations must now implement robust data privacy practices that also involve their board members on

CISO members of the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) published a white paper to help cybersecurity leaders in retail and hospitality prepare for compliance with the California Consumer Privacy Act (CCPA).

Key recommendations from the white paper:

  • Consider contract language that prevents third-parties from selling personal information sold to them unless

The International Organization for Standardization (ISO) published a standard for company’s to implement personal information management systems (PIMS). The ISO’s guidance aims to assist businesses with compliance goals and further the emphasis on personal data protection.

In the wake of the detailed privacy framework requirements of the recent FTC Facebook settlement and the California Consumer

A web developer study shows that when a cookie banner allows users to refuse cookies, 50 percent of users choose this option and subsequently refuse all third-party services.

However, when this choice is not available, we end up with a cookie acceptance rate between 90 and 98 percent via site users clicking the “I accept”

“Of the 24 states that considered data privacy legislation this year, only Illinois, Maine and Nevada enacted new laws.”

“Despite enthusiasm for more privacy rules by legislators and their constituents, many states found themselves bogged down this year in both the details of high tech operations and industry complaints.”

“In Connecticut, Hawaii, Louisiana, North Dakota

The $5 billion fine levied against Facebook by the Federal Trade Commission is certainly headline news, but it also contains detailed requirements for privacy and information security governance and accountability that all companies can learn from and implement.

Big Picture Takeaways:

  • Facebook faces many detailed requirements for internal and external governance and oversight with