The California Consumer Privacy Act (“CCPA”), which goes into effect January 1, 2020, is the most significant data privacy legislation in the United States. It will impose onerous transparency and individual rights requirements on most companies that collect, sell, or disclose the “personal information” of California consumers. And, it provides for hefty regulatory fines and a private right of action (which means private parties, and not just the California Attorney General, can bring a lawsuit based on CCPA violations). This article covers some of the key compliance obligations for businesses that will be subject to the CCPA.
As the rock band “Europe” might say: it’s the final countdown to the EU’s General Data Protection Regulation (GDPR). At least that’s how I’ve been singing their song. The GDPR is the biggest change in data privacy law in more than 20 years, and businesses around the world have been gearing up for it since it was published in May of 2016. We’re now only about 200 days away from the GDPR being enforced on May 25, 2018, and many businesses in the US that will need to comply with it still have their work cut out for them (the GDPR is over 200 pages long!).
Perhaps the easiest way for a business to find itself on a collision course with the Federal Trade Commission (FTC) is to make deceptive claims about its privacy and cybersecurity practices. Earlier this month, Uber agreed to a settlement with the FTC for doing just that.
Businesses that adhere to sound privacy principles are not only more likely to stay off the FTC’s radar, but will also be making a sound business decision. While consumer data can be valuable to your business, it is also valued by consumers. And, with today’s constant news of privacy mishaps, privacy has become a competitive differentiator upon which businesses can easily capitalize.
Earlier this month, the United States Supreme Court agreed to review whether people have a reasonable expectation of privacy in their cell phone location data that is shared with cell phone service providers. While the case, Carpenter v. United States, is a criminal case, its outcome could have a significant impact on broader privacy issues.
Over the weekend a massive ransomware cyberattack hit over 200,000 victims in more than 150 countries. As I’ve said before, I believe that the frequency of these attacks will increase, and the ransom demands will grow. Given that many experts believe that the scope of this latest attack may continue to spread on Monday as people return to work, here are some basic tips.
Star Wars is in many ways a story about a data breach of the Empire’s most valuable IP, the Death Star plans, and the Empire’s poor response to the breach. On this Star Wars Day (May the Fourth), let’s look at some of the cybersecurity lessons learned.
Last week President Trump signed a Congressional resolution that overturned internet privacy rules promulgated by the Federal Communications Commission (FCC) during the Obama administration in 2016. The rules would have made it more difficult for broadband internet service providers (ISPs) to track, use, and sell information about their customers’ online activities. This article will cover what happened, what it means, and what may happen next.
Think there’s no hacking in baseball? Just like Tom Hanks’s character in A League of Their Own was wrong about there being “no crying in baseball”, it would be wrong to believe there is no hacking in baseball. Baseball’s opening day is just around the corner. While this offseason included the usual free agent signings (thank you, New York Mets for re-signing Yoenis Cespedes), trades, and contract extensions, it also included news about what may have been the first known case of computer hacking in baseball: the St. Louis Cardinals’ former Director of Baseball Development hacked the Houston Astros. In this article, I’ll cover some of the cybersecurity lessons that all organizations, Major League Baseball or otherwise, can learn from what happened.