You’ve Heard About the GDPR, but What About the CCPA?
On June 28, 2018 California took a page out of the European Union’s (EU) book and signed the California Consumer Privacy Act (CCPA) into law. The CCPA is a landmark privacy bill that will come into effect on January 1st, 2020 and it is being closely compared to the General Data Protection Act (GDPR).
What does this mean for California businesses and residents? In short, more privacy and more control over data. Key aspects include allowing consumers to request what data an organization has collected about them, allowing consumers the right to fully erase data, protecting children’s data, and making verification processes more stringent for businesses.
Facial Recognition Technology: How Much Can State Law Protect Users?
Sei Unno, Associate Editor, Loyola University Chicago School of Law, JD 2019
Facial recognition has become mainstream, whether the laws are ready or not. Video games are using facial recognition to check the ages of their users and cars are being equipped with technology to identify drivers who are fatigued or distracted. In the U.S., states …
GDPR, Data, & Blockchain: The New Wonders of the Digital World
In a world where our reliance on technology and the cloud is increasing exponentially, data security’s growth has stagnated. The European Union (EU) passed the General Data Protection Regulation (GDPR) in hopes of ensuring that consumer data is protected and not harbored by businesses. The effects of the GDPR, however, have passed the borders of the European Union. In a world where our actions extend internationally with just the click of a button, the GDPR’s impact circles the globe as well. The GDPR has pushed for a shift in data privacy and regulation for companies within and outside of the EU, as it seeks to protect European citizens no matter where they are in the world. This international reach has not only created forces that drive U.S. companies to comply; states within the U.S. are now creating GDPR-inspired laws to protect their own citizens. The GDPR has started a trend that will soon become the norm and finally push compliance to keep up with the exponential growth of technology.
GDPR and HIPAA: Next Steps in the U.S. Healthcare Industry
The EU General Data Protection Regulation (“GDPR”) is now in effect as of May 25, 2018, and has been a prominent topic of international debate across multiple sectors as companies look to adjust to new stringent regulations in data management. With a wide scope (the GDPR now applies to all organizations possessing personal data of individuals based in the EU) and steep penalties for companies that fail to comply, companies across the globe are spending millions of dollars in preparation.
Enforcing Foreign Compliance with U.S. Regulations
Compliance standards in the United States come from the laws and policies enacted by the government and its related agencies. Administering U.S. standards on foreign institutions, public or private, poses a unique challenge. Our public and private companies are held accountable by federal, state, local, or agency rules, as well as the guidelines provided by the United States Sentencing Commission. But foreign organizations, in theory, have no real obligation to follow our lead. There have been several notable attempts in recent years to enact legislation on foreign organizations and impose sanctions for noncompliance, and this is likely a continuing trend as the compliance industry grows.
Handling a Data Breach: Equifax v Google
Google answered Amazon’s Echo Dot by recently launching its own pint-sized smart speaker, the Google Home Mini. Recently, Google was forced to disable one of the features on the Home Mini after it was discovered that a technical glitch led to near 24/7 audio recording. Google responded quickly and appropriately, investigating the cause and quickly releasing an update to disable the hardware responsible for the glitch. Equifax, by contrast, waited months to respond to its hack, a breach of personal data including social security numbers, driver’s license information, and other credit details that exposed nearly half the country. Upcoming European legislation that can significantly impact American companies with European Union clients may be part of the reason for their drastically different responses.
Brexit & Privacy Compliance
Ryan Meade, Editor-in-Chief, Director of Regulatory Compliance Studies at Loyola University Chicago School of Law
Now that the UK referendum has expressed the voters’ preference to leave the European Union, there are some fascinating questions regarding how compliance programs deal with the unwinding. There is still considerable time to wrestle with these matters since both major …