Privacy Guidelines

New Privacy Guidance From NIST and ISO

National Institute of Standards and Technology, ISO Release Privacy Guidance Companies seeking guidance about how to understand privacy risks and to implement measures to address them should be aware of two new resources – The National Institute of Standards and Technology’s (“NIST”) draft Privacy Framework and the International Organization for Standardization’s (“ISO”) International Standard for privacy information management. These tools are designed to work alongside existing guidelines for cybersecurity and the requirements of emerging law such as the General Data Protection Regulation and the California Consumer Privacy Act. The NIST Privacy Framework   In September, NIST, an agency of the U.S. Department of Commerce, released a preliminary draft of…

READ MORE

U.S. Senate Commerce Committee To Hold Hearings on Privacy February 27, 2019

On February 27, 2019, the U.S. Senate Committee on Commerce, Science and Transportation will convene a hearing titled “Privacy Principles for a Federal Data Privacy Framework in the United States.” Committee members will focus on potential Congressional action to “address risks to consumers and implement data privacy protections for all Americans.” Committee Chairman Sen. Roger Wicker of Mississippi described the hearing as an opportunity to “help set the stage for meaningful bipartisan legislation.” The hearing comes in the midst of calls from policymakers, advocates and industry for law that would protect individuals, foster trust, and promote innovation. Several lawmakers introduced legislation in the last Congress, and bills are expected…

READ MORE

French Data Protection Authorities Fine Google Nearly $57 Million for Violations of the General Data Protection Regulation’s Notice and Consent Requirements

French regulators have fined Google nearly $57 million for violations of the General Data Protection Regulation (GDPR). This fine was the first major penalty levied against a large U.S. technology company since the regulation took effect in May 2018. France’s data protection authority, known as the CNIL, said that Google failed to fully disclose to users how their personal information is collected and what happens to it. Significantly, regulators said that Google also did not properly obtain users’ consent to use the data to serve them personalized advertisements. The CNIL said in a statement that the violations “deprive the users of essentially guarantees regarding processing operations that can…

READ MORE

Singapore Joins the Accountability-based APEC System

While companies work to comply with the General Data Protection Regulation (GDPR), the European law that takes effect on May 25, it is important to remember that countries in other parts of the world also are adopting new approaches to information privacy protection. Companies that plan to do business in new markets should take note of these and understand that the steps they take to comply with the GDPR – particularly with respect to accountability – can lay the groundwork for compliance in other regions. On March 6, 2018, Singapore’s Ministry of Communications and Information announced that Singapore has joined the APEC Cross-border Privacy Rules (CBPR). The APEC CBPR system…

READ MORE

New Guidance about Transparency: Notices Must Be Accurate, Clear and Easy To Locate

Important guidance about the General Data Protection Regulation’s (GDPR) transparency requirements has been released from Europe. The Article 29 Working Party, an advisory body that oversees data protection in the EU, issued a paper that provides practical guidance and clarity about the obligations of data controllers with respect to informing individuals about the collection, use and protection of their data. The GDPR requires that notices must: be concise, transparent, intelligible and easily accessible (Article 12.1); use clear and plain language (Article 12.1); the requirement for clear and plain language is of particular importance when providing information to children (Article 12.1); be provided in writing “or by other means, including where…

READ MORE