Author: Josephine Law, FIP, CIPP/US, CIPM

Senior IT Risk Analyst, Information Security and Assurance | Fordham University

Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Manager (CIPM) with a strong background in IT risk, privacy, and security. A versatile writer with experience in technical, policy, marketing, and social media content, blending expertise in business writing with communications and academics. Creative, resourceful, and adaptable, with a strong work ethic, a positive attitude, and a sense of humor.

The EU’s General Data Protection Regulation (GDPR) protects the personal data of those living within the European Economic Area (EEA). The GDPR principles lie at the core of this regulation. The GDPR sets out seven fundamental principles:

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

Lawfulness, Fairness, and Transparency

This principle applies to how personal data is processed. The methods used to obtain personal data must be lawful. Personal data should be processed in a way consistent with how it was described to the data subject. Thirdly, data subjects must be fully informed…


It’s only a matter of time before the United States passes federal data privacy legislation, according to BDO Partner and Governance, Risk & Compliance Practice Leader Karen Schuler, CIPP/E, CIPP/US, CIPM, FIP, who writes that such a law would be beneficial for the U.S. “Uncertainty remains about some provisions of a federal privacy law, and there will be more debate on key aspects ahead,” Schuler writes. “Nevertheless, a clear and consistent U.S. framework for data privacy would have significant advantages for businesses and consumers alike.” Federal privacy laws are beneficial to organizations and consumers. Here are a few reasons: Business…


Do you want to view or change your privacy or security settings for popular devices and online services but don’t have time to find them? Do you know where to search for the GrubHub, Spotify, or Fitbit privacy settings? You don’t need to because the National Cyber Security Alliance (NCSA) and Stay Safe Online have aggregated a list of links to the most widely used apps, search engines, and online conferencing. If you don’t find what you need, you can email Stay Safe Online at info@staysafeonline.org, and they will add it to their ever-growing list. Their site provides direct links…


Key Needs for Data Privacy

Define and manage governance policies: Define what is sensitive, what is not, and define how that personal or sensitive data should be treated. Refer to Fordham’s Data Classification and Protection Policy.

Discover, classify and understand personal and sensitive data: Based on the definitions, where is this data? What functions, people, and applications have access? Refer to Fordham’s Data Classification Guidelines.

Map identities: Ensure you have the ability to reference privacy data by individuals or subject names.

Analyze data risk, establish protection plans: Know your data privacy risks, be able to prioritize them, and simulate the…


The pandemic has created an era of uncertainty, especially surrounding the issue of student privacy. Schools now face a constant barrage of questions from administrators, teachers, parents, students, and community members requesting information pertaining to COVID-19. Before answering these inquiries, schools must decide what information can be shared, how it can be shared, and with whom any information can be shared in a way that protects the students’ privacy.


CPRA Key Takeaways

As was the case with the California Consumer Privacy Act (CCPA), there are still a lot of details to be resolved in the coming months to ensure the California Privacy Rights Act (CPRA) can be fully operational in 2023. However, quite a few of the changes that organizations need to plan for are already clear.

The Right to Deletion included in the CCPA will be extended
Businesses may not ‘punish’ a consumer for exercising their individual rights under the CPRA if further clarified
Consumers will be able to get access to more data than just the data…


The U.S. Department of Commerce published a frequently asked questions page on the current state of the EU-U.S. Privacy Shield agreement following the Court of Justice of the European Union’s “Schrems II” decision. The FAQ page includes answers on whether Privacy Shield participants can continue to rely on the framework and the possibility of a delay in enforcement by EU data protection authorities. The DOC also released an FAQ on the Swiss-U.S. Privacy Shield agreement.


Privacy issues are still very much in play during the COVID-19 outbreak and, in some cases, are heightened because of the pandemic. Count student privacy among the areas that have seen increased issues. The pandemic has forced schools into online learning, which means students of different ages are being exposed to various technologies, some of which aren’t designed for educational use, children, or both. Among the privacy problems that come with online learning tech is the collection and potential use of students’ personal information, as well as employing products or platforms that are not designed for children. Such issues can bring…


Amid the escalating COVID-19 situation, one may easily overlook the fact that New York’s Stop Hacks and Improve Electronic Data Security Act entered into force March 21. What does this mean for your business? The key changes of the SHIELD Act include expanding the definitions of “private information,” what constitutes a “breach,” and requiring businesses that own or license New York residents’ private information to implement and maintain security safeguards.


According to Hunton Andrews Kurth’s Privacy & Information Security Law Blog, New York’s Stop Hacks and Improve Electronic Data Security Act, better known as the SHIELD Act, is a two-part data security-focused bill impacting all businesses that handle information belonging to New York state residents. The SHIELD Act took force on March 21, 2020. The law calls on covered organizations to implement a data security program with appropriate administrative, technical and physical safeguards for the personal information of New York residents. Companies found to be violating the SHIELD Act may be subject to a $5,000 fine for each violation.
