EU Releases Guidance About the Requirements for Obtaining Valid Consent Under GDPR

Last month, companies working toward compliance with the European Union’s General Data Protection Regulation (GDPR) received guidance about the new law’s consent requirement. The Article 29 Working Party, the advisory body that oversees data protection in the EU, issued a paper that provides practical advice about steps companies must take to ensure the consents for data processing they obtain from consumers are valid under the GDPR. The GDPR provides that for consent to be valid, it must be freely given, specific to the stated purpose for the processing, informed, and based on a clear, affirmative indication given by the data subject. The document provides advice about how regulators interpret…

Uber Breach Highlights Data Security Risks that Exist for All Companies and the Steps Needed To Address Them

In November, Uber disclosed a security breach that occurred in October 2016, when hackers stole data about 57 million Uber drivers and riders from a third-party server. The company also revealed that it took affirmative steps to keep the data breach secret. The New York Attorney General’s office is opening an investigation of the incident, and members of Congress have sent letters to Uber demanding additional details about the breach. This case highlights the importance, to any company, of having in place appropriate data security and a plan to respond to security breaches. Data security is critical to a company’s brand, reputation and market trust. A company’s…

Australia Joins Asia Pacific Data Privacy Compliance System

Australia’s plan to participate in the APEC Cross Border Privacy Rules System signals growing importance of accountability-based data practices

Companies planning to expand their market into the Asia Pacific region should pay close attention to Australia’s recent announcement that it intends to participate in the APEC Cross-Border Privacy Rules (CBPR) system. It signals that accountability and effective data governance now form the basis for lawful data use and transfer across the globe and should serve as the backbone of all companies’ information governance practices. The APEC CBPR system was developed by participating Asia Pacific Economic Cooperation countries (referred to in this context as “economies”) and designed to build consumer, business and regulator trust…

The Five Essential Elements of Accountability Under the GDPR Every Business Should Know

The General Data Protection Regulation (GDPR), which comes into effect in May 2018 (only six months from now), has been the subject of countless conference discussions, press stories, and company meetings about the challenges of compliance. The GDPR is a lengthy and complex read, and its requirements – ranging from detailed consent requirements to the need to conduct data protection impact assessments – can seem daunting. What is often lost in the concern about specifics is that the most important change the GDPR represents is the shift in thinking it requires. The GDPR provides that companies change their mindset from one of “check-box” compliance to accountability. It requires…
