Tag:data privacy
2022: U.S. Privacy Chaos, Continued?
Conversation surrounding the hodgepodge of state data privacy legislation in the U.S. has long been a subject of frustration within the U.S. and abroad. 2021 saw a drastic uptick in awareness and a need for meaningful comprehensive consumer privacy laws. With both data privacy and cybersecurity repeatedly making front page news over the last year, and even becoming high priority within the Biden Administration, it has become one of the few issues on which people across the political spectrum can agree. But will 2022 be the year that comprehensive federal privacy legislation becomes a reality? Don’t count on it.
2022: The Year of US Data Privacy Laws?
When you think of the most valuable commodity in the world today, you might automatically think of money, however, personal data has now become one of the most valuable forms of currency today. The vast amounts of personal data available have made it increasingly valuable to companies who know how to use it to their advantage. The means of receiving this data are sometimes questionable, and up until recently, often unregulated, leading to companies using unethical methods to get their hands on this valuable data. The US is starting to follow the rest of the world and develop extensive data privacy laws that cover more than just medical information to ensure that consumers are protected, but there’s still lots of disagreements surrounding how and what should be protected in the US.
Compliance Spotlight: William Hanning, CISSP, CISO
William Hanning is a Chief Information Security Officer with Groups360 and close to twenty years of Information Security experience. Mr. Hanning has built and managed security programs in multiple industries in organizations of varying sizes, as well as within Fortune 100 companies. Here, he gives insight about the separation between data privacy and cybersecurity, the role of information security teams, and how cybersecurity relates to and supports the work of legal and compliance departments.
Working From Home and Its Data Security Implications
Remote work was something once looked at as a gift, a day to work at home in your sweatpants on your couch. But now, some are stuck working from home until further notice or maybe even until they retire. This new method of work has made it much harder for businesses to keep the information of their workers and customers safe despite additional avenues of technology being used to work from home. An average employee may never think about the challenges associated with data security, but it is important to shed some light on this subject so that more people understand its importance. It is also important to understand why the lack of data security laws in the US could be so detrimental to any company doing work here. Company and consumer information is more vulnerable than ever with people working from home all over the country and without comprehensive data security regulations in the US, there is no end in sight.
Should The US Implement More Federal Data Privacy Laws
While the United States does have some federal data privacy regulations in place, the most comprehensive regulations exist at the state level with a degree of variation of protection from state to state. Recently, more conversations are being had about whether the United States should implement more federal data privacy laws. Proponents say they would likely use something equivalent to the European Union’s General Data Protection Regulation (GDPR), which focuses on regulating consumer data privacy and protecting consumers from data breaches. This is especially significant because states are taking matters into their own hands by passing state data privacy regulations that all vary slightly, which could become confusing for companies trying to be compliant with more than one.
Security Awareness — Not Just an IT and Compliance Responsibility
Since the start of 2021, cyber-attacks have dominated headlines across every industry. From governments and government organizations, healthcare companies, and banks, to gaming companies and oil pipelines, ransomware has impacted organizations of all types and sizes. The scale and scope of these attacks have continued to grow and have far reaching consequences. Despite current agency attempts to strengthen cybersecurity through regulation, individual users continue to pose a serious threat due to insufficient security education.
It’s Not Too Early to Start Worrying About Discriminatory Algorithms in Your Code: A Practical Approach to Self-Regulation
There’s no doubt that remote work, brought on by the coronavirus pandemic, will accelerate the digital revolution already underway. Consumers’ growing appetite to conduct their business online, rather than in-person, has fueled the proliferation of digitally accessible products and services. For instance, movie theaters have closed their doors while content streaming services have experienced exponential growth. And while the restaurant industry, as a whole, has suffered, ‘virtual’ kitchens and grocery delivery apps have picked up steam. A critical question that arises from these trends is “what can be done to eliminate biases in the algorithms that drive these digital transactions?”
The Supreme Court Revisits Article III Standing in TransUnion v. Ramirez
In 1993, and on the heels of the landmark Article III standing case of Lujan v. Defenders of Wildlife, John G. Roberts, Jr. wrote a law review article entitled: “Article III Limits on Statutory Standing.” Twenty-eight years later and now the Chief Justice, Roberts again found himself wrestling over the bounds of the Article III Standing requirement as he presided over this issue in the class action context. Years after the Court decided Spokeo v. Robins in 2016 and Clapper v. Amnesty International in 2013, the Court revisited the matter and listened to oral arguments on March 30, 2021, in TransUnion v. Ramirez. The decision may have enormous consequences. While Acting U.S. Solicitor General Elizabeth Prelogar filed a “friend of the court” brief agreeing that standing exists, other briefs supporting TransUnion suggest that meritless class action lawsuits against corporate defendants from class members that aren’t injured will exponentially increase.
Federal Bill May Soon Make Privacy Regulation Patchwork a Thing of the Past
Lydia Bayley Associate Editor Loyola University Chicago School of Law, JD 2022 While the COVID-19 pandemic undeniably pushed many legislative agendas to the backburner, some seem to be heating back up. With the 117th Congress now in session, data privacy is once again moving to the forefront of federal legislative debate. For decades, the United States has …
Read more
A Practical Approach to Post-Schrems II Remediation of Cross-Border Data Transfers to the U.S. and Other “High Risk” Third Countries
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) issued its deafening decision that summarily and immediately invalidated the EU-US Privacy Shield. The regulatory program established between the European Council and the U.S. Dept. of Commerce allowed for the transfer of personal data of EU residents to be sent from the EU to the US without violating the data transfer restrictions of the General Data Protection Regulation (“GDPR”). The decision went on to cast serious doubt on the sufficiency of standard contractual clauses to adequately protect data transferred to any third country, not just the US. Several months later, data exporters in the EU are still sorting through the wreckage of their privacy programs and waiting for practical advice on the way forward.