Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
In May, the California Privacy Protection Agency (CPPA or Agency) released the first draft of its much-anticipated proposed California Privacy Rights Act of 2020 (CPRA) Regulations (Regs), as well as the Agency’s Initial Statement of Reasons. Although useful for the purpose of indicating what the Agency’s priorities may be, the draft Regs are far from complete. Of note, the Regs purposely omit provisions on key topics, including automated decision-making and profiling, cybersecurity audits, and risk assessments; consequently, companies should expect the Regs to expand far beyond their current 66-page length.
*May exclude premium content
By Rita W. Garry
While the ADPPA represents compromises between Democratic and Republican leadership of the U.S. Senate and House of Representatives, particularly around the thorny issues of state law preemption and private rights of action, there are other legislative and big tech industry players pushing their own agendas for comprehensive national data privacy and security frameworks.
By John Beardwood and Shan Arora
Part One In a Series
This article, which reviews the Canadian Consumer Privacy Protection Act, first seeks to identify the delta between the Act and PIPEDA in order to allow privacy officers of organizations that are already PIPEDA compliant to identify the net new compliance requirements under the Act and second, to highlight the provisions of the Act which, if breached, could lead to the imposition of significant fines.
By Angela Matney
In light of the evolving legal and regulatory landscape, app developers and their counsel should examine developers’ privacy and security practices and take steps to safeguard sensitive data related to reproductive health.
By Rich Hale
Unstructured data comprises 80% of total data volume for legal organizations, which means that on average, only one-fifth of the entirety of the data set is properly secured and actively managed. Although some believe that ignoring unstructured data establishes plausible deniability that relinquishes them from culpability when a breach occurs, it’s an untenable position from both a regulatory and brand reputational perspective.