Federal Trade Commission Announces Settlements in Privacy Shield Enforcement Actions

The Federal Trade Commission sent an important message to companies participating in the EU-U.S. Privacy Shield when earlier this year, the agency announced that settlements had been finalized with five companies regarding separate allegations that they had falsely claimed certification under the framework. The EU-U.S. and Swiss-U.S. Privacy Shield frameworks make it possible for companies to transfer personal data lawfully from the EU and Switzerland, respectively, to the U.S. (In compliance with the EU – GDPR – General Data Protection Regulation). The FTC announcement can be found here. In individual actions the FTC had alleged that: DCR Workforce, Inc., Thru, Inc., LotaData, Inc., and 214 Technologies, Inc., each…

READ MORE

Be Prepared: New Tech Enables Floods of Subject Access Requests

In January 2020, a new data privacy startup, Mine, made headlines when it received $3 million in seed funds. Mine is an inevitable product of new data privacy laws that have been passed in Europe and California. The start-up based in Tel Aviv helps users identify all the companies that hold their personal data. It then allows users to submit automated subject access requests and subject erasure requests. They advertise as a service providing tools for consumers to “reclaim your data.”  Users of this service have already sent out thousands of requests emphasizing how easy it is to generate hundreds of requests. Achieved is already handling Mine requests on…

READ MORE

Issues Remain to Be Resolved as Congress Considers Comprehensive Privacy Protections in 2020

As 2020 begins, Congress continues on a path toward providing consumers with greater protections for their data, lawmakers have exhibited a rare willingness to work toward consensus on the issue. Bills introduced by members of Congress in 2019 often shared more in common than not. But a hearing (https://www.commerce.senate.gov/2019/12/examining-legislative-proposals-to-protect-consumer-data-privacy) held late in the year by the Senate Committee on Commerce, Science and Transportation revealed differences that remain to be resolved before any bill will pass. The Committee brought together a diverse panel of five witnesses that included former FTC Commissioners, Vice Presidents of major technology companies and a representative of a civil liberties organization. The panelists largely agreed…

READ MORE

Data Protection Conference in Tirana Forecasts an International Focus in 2020 on Converging Privacy Laws and Accountability

Last fall, the International Data Protection and Privacy Commissioners’ Conference convened in Tirana, Albania. Achieved Compliance once again participated in this annual meeting, which brings together regulators, experts, advocates and practitioners from around the globe. By attending this meeting, Achieved Compliance benefits from the opportunity to understand what concerns data protection authorities and on what issues they will focus their attention over the coming year. The theme of this year’s meeting was Convergence and Connectivity:  Raising Global Data Protection Standards in the Digital Age. The conference posed the questions – How are laws converging, and what factors are driving convergence? What are the challenges in building more convergence…

READ MORE

Achieved Chats: What the Heck is a GDPR Data Map?

What the heck is a GDPR data map? Where do I begin with processing records? Don’t worry. We’ve got answers! Achieved Compliance’s President Melise Blakeslee will demonstrate what they are, show you how to use them, cover how to properly maintain and document your processing activities, and explain why both are essential to your data compliance under all privacy regimes.

READ MORE

PrivacyMinder® Demonstration: Efficiently Comply with Both GDPR & CCPA

California Consumer Privacy Act (CCPA) compliance starts now! CCPA requires companies to be ready to respond to consumer requests for data processing disclosure dating January 1, 2020, but the law’s 12-month look-back provision means you need to be ready today. Join Achieved Compliance’s President Melise Blakeslee as she walks you through how our PrivacyMinder® software platform can get you fully compliant with both GDPR and CCPA in just days with minimal internal disruption. Our compliance management platform can help you put in place the requirements for compliance with relevant laws, including those here in the US and in the EU. PrivacyMinder® helps you conduct data analysis on your own,…

READ MORE

Achieved Chats: Takeaways: 40th International Conference of Data Protection and Privacy Commissioners

Achieved Compliance hosted the third installment in our series of “Achieved Chats” informal webinars on Tuesday, November 13, 2018. We discussed important takeaways from the 40th International Conference of Data Protection and Privacy Commissioners held recently in Brussels and touched on some of the ethical issues surrounding artificial intelligence.

READ MORE

GDPR Compliance: Special Challenges for Small and Medium-Sized Organizations

The EU’s General Data Protection Regulations (GDPR) came into effect on May 25, and companies collecting and maintaining even limited data about residents of the EU must comply. A U.S.-based company conducting only 5 percent of its business with European customers is still obligated to follow GDPR rules. But GDPR requirements are challenging to meet, and because smaller companies may have limited resources they risk falling short of requirements and facing the law’s serious sanctions of up to 4% of global revenue. But there are steps small and medium-sized enterprises can take to comply and limit their exposure to regulatory sanctions. What’s the Challenge for Small and Medium-sized…

READ MORE

Achieved Chats: You’ve Been Appointed to Lead GDPR Compliance. Now What?

Achieved Compliance’s second installment in our “Achieved Chats” series took place on Wednesday, May 9, 2018, where President Melise Blakeslee and Senior Director of Global Privacy Policy Paula Bruening discussed what companies of all sizes need to know as the May 25 compliance deadline for the General Data Protection Regulation approaches, and demonstrated Achieved Compliance’s PrivacyMinder software platform.

READ MORE