On March 12, 2019, the Department of Justice (“DOJ”) announced revisions of the Corporate Enforcement Policy in the Foreign Corrupt Practices Act. The changes now require company oversight of ephemeral messaging apps used by any employee, stockholder, or agent who discusses business records via the messaging platform. Publicly traded companies must now establish internal compliance policies to review use of ephemeral messaging services, provide ongoing oversight of the messaging services, and may want to completely prohibit the use of such messaging apps for business purposes.
Every day, thousands of gigabytes of data flow around the world. Transfers between consumers and producers make up a large portion of that data. There has been talk recently of the commercialization of said data, such as Facebook and Google selling their users’ data to third parties. These third parties are more than willing to pay large sums for this information, as it provides actionable data on consumer trends, such as their likes and dislikes. This data can be used by companies to shift their marketing strategies to capture a greater market share. For the e-commerce retailer, whether large or small, this data can be valuable as a resource and a commodity. As such, knowing what you can and cannot do with the data is important. Here, we will be discussing data management risks when it comes to the collection of consumer data.
In the last month, multiple large-scale data breaches were reported by various entities, with 3 breaches reported in the past week alone. Unfortunately, even the most well-known entities do not stand a chance against the increasing technological abilities of bad actors. Since the Equifax breach in early September, Whole Foods, Sonic, Deloitte and the Securities and Exchange Commission, among others, had similar large-scale breaches affecting consumers across the country.
Illinois’ Personal Information Protection Act (“PIPA”) became effective on January 1, 2017. Illinois is just one of many states that recently strengthened their data breach notification systems and created data security laws to enhance protection of personal information. Like other state provisions, Illinois created stronger safeguards for personal information transmitted electronically. This act requires that all personal information provided electronically be encrypted or redacted. The amendments to PIPA (1) broadened the statute’s definition of personal information; (2) clarified the safe harbor for encryption; (3) addressed required notification to residents after a breach; and (4) established limited exemptions.
Amanda Bogle, Executive Editor, Loyola University Chicago School of Law, JD 2017
When a data breach occurs in an organization, determining whether there is a duty to notify can get complicated quickly. In investigating a breach, the specific facts of the incident become extremely important, as not every breach will require notification. The residency …