Tag:

data privacy

Working From Home and Its Data Security Implications

Remote work was something once looked at as a gift, a day to work at home in your sweatpants on your couch. But now, some are stuck working from home until further notice or maybe even until they retire. This new method of work has made it much harder for businesses to keep the information of their workers and customers safe despite additional avenues of technology being used to work from home. An average employee may never think about the challenges associated with data security, but it is important to shed some light on this subject so that more people understand its importance. It is also important to understand why the lack of data security laws in the US could be so detrimental to any company doing work here. Company and consumer information is more vulnerable than ever with people working from home all over the country and without comprehensive data security regulations in the US, there is no end in sight.

Compliance Spotlight: William Hanning, CISSP, CISO

William Hanning is a Chief Information Security Officer with Groups360 and close to twenty years of Information Security experience. Mr. Hanning has built and managed security programs in multiple industries in organizations of varying sizes, as well as within Fortune 100 companies. Here, he gives insight about the separation between data privacy and cybersecurity, the role of information security teams, and how cybersecurity relates to and supports the work of legal and compliance departments.

Should The US Implement More Federal Data Privacy Laws

While the United States does have some federal data privacy regulations in place, the most comprehensive regulations exist at the state level with a degree of variation of protection from state to state. Recently, more conversations are being had about whether the United States should implement more federal data privacy laws. Proponents say they would likely use something equivalent to the European Union’s General Data Protection Regulation (GDPR), which focuses on regulating consumer data privacy and protecting consumers from data breaches. This is especially significant because states are taking matters into their own hands by passing state data privacy regulations that all vary slightly, which could become confusing for companies trying to be compliant with more than one.

Security Awareness — Not Just an IT and Compliance Responsibility

Since the start of 2021, cyber-attacks have dominated headlines across every industry. From governments and government organizations, healthcare companies, and banks, to gaming companies and oil pipelines, ransomware has impacted organizations of all types and sizes. The scale and scope of these attacks have continued to grow and have far reaching consequences. Despite current agency attempts to strengthen cybersecurity through regulation, individual users continue to pose a serious threat due to insufficient security education.  

US Data Privacy Laws: Past, Present and Future

Despite the technology and data collection sectors rapidly growing over the past few decades, laws protecting consumers in these spaces have barely expanded, if at all. The first, and only, comprehensive federal data privacy regulation was passed in 1974, roughly ten years before the first Mac computer was invented. Since then, we’ve seen a few more federal laws put in place to protect consumer data and even some states take actions into their own hands, but we have yet to see another comprehensive law from the federal government. This begs the question, will the federal government finally enact new data privacy laws for the country as a whole to adhere to, or will they continue to let states take the reins forcing companies to comply with multiple laws at once?

2022: The Year of US Data Privacy Laws?

When you think of the most valuable commodity in the world today, you might automatically think of money, however, personal data has now become one of the most valuable forms of currency today. The vast amounts of personal data available have made it increasingly valuable to companies who know how to use it to their advantage. The means of receiving this data are sometimes questionable, and up until recently, often unregulated, leading to companies using unethical methods to get their hands on this valuable data. The US is starting to follow the rest of the world and develop extensive data privacy laws that cover more than just medical information to ensure that consumers are protected, but there’s still lots of disagreements surrounding how and what should be protected in the US.

2022: U.S. Privacy Chaos, Continued?

Conversation surrounding the hodgepodge of state data privacy legislation in the U.S. has long been a subject of frustration within the U.S. and abroad. 2021 saw a drastic uptick in awareness and a need for meaningful comprehensive consumer privacy laws. With both data privacy and cybersecurity repeatedly making front page news over the last year, and even becoming high priority within the Biden Administration, it has become one of the few issues on which people across the political spectrum can agree. But will 2022 be the year that comprehensive federal privacy legislation becomes a reality? Don’t count on it.

President Biden’s COVID-19 Data-Driven Executive Order to Promote Health Equity

President Joe Biden has issued a number of Executive Orders, many of which address the ongoing COVID-19 public health emergency. On January 21, 2021, President Biden released another pillar of his Administration’s long-term plan to direct the United States out of the throes of the pandemic. The twelfth Executive Order titled, “Ensuring a Data-Driven Response to COVID-19 and Future High-Consequence Public Health Threats” orders the Department of Health and Human Services (“HHS”) Secretary Alex Azar to conduct a nationwide review of the interoperability of public health data systems in an effort to enhance the collection, sharing, analysis, and collaboration of de-identified patient data.

Relax, After GDPR’s Schrems II, Some Companies Transferring Personal Data from the EU to the US May Actually Have Less Challenges Than You Thought

On December 12, 2020, the European Commission (the “EC”) issued a highly anticipated draft of newly revised standard contractual clauses (“new SCCs”) that may be used by European Union-based companies to safeguard data transfers of personal data to third countries, such as the US, in compliance with GDPR Art. 46(1). The release comes at a decidedly inopportune time as it follows on the heels of the Court of Justice of the European Union’s (CJEU) Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (“Schrems II”) decision which casts serious doubt on the adequacy of SCCs alone to safeguard against the “high-risks” involved in EU to US data transfers. And for many data protection experts, the language of the revised SCCs only adds to the confusion, raising even more questions. But one question in particular seems to be prominent among others—for transfers to importers, directly subject to GDPR, are SCCs really necessary?

Complex Data, Creating Complex Risks for Sports Entities

Advanced data driven infrastructure is now essential for sports entities to remain competitive, yet few structures are in place to manage the risks inherent in the collection of this sometimes, highly personal information. Data is utilized for virtually every aspect involved in the game, including; to enhance player performance, improve player health, deepen fan engagement, and increase betting predictions. These developments do not come about without risks to the rights of those who the data is extracted from.