Rather than trying to institute changes to comply with every new privacy law as it emerges, a better approach is to view data privacy as an overall framework and adopt a holistic response to compliance with the built-in flexibility to constantly adapt to an ever-changing legal landscape.
Although no company was hit with the maximum GDPR fine of 4% of the company's worldwide annual revenue, GDPR fines issued in 2019 were still a force to be reckoned with.
Part Two of a Two-Part Article
All companies face cybersecurity threats, but the legalized cannabis industry's storage of personally identifiable information and reliance on seed-to-sale tracking software can place it firmly within hackers' crosshairs.
The BIPA compliance lag has led companies using or collecting biometric information to consider how far back their liability may extend. The Illinois General Assembly, however, did not include an explicit statute of limitations period in BIPA. As a result, the statute of limitations has become one of BIPA's primary battlegrounds as litigants argue about potential class sizes and damages awards.
Part Two of a Two-Part Article Part One of this article, last issue, covered how the CCPA applies to businesses — both in and outside California, the revenue threshold, proposed amendments and other open issues. Part Two continues with the rights that CCPA grants to Californians, the CCPA's impact on company privacy policies, how other states' privacy laws compare to the CCPA, exceptions and penalties for violating the Act.
General counsel who navigate the mishmash of state privacy laws may relate to a new study showing that individual U.S. states' privacy statutes are spread across a broad spectrum.
Part One of a Two-Part Article The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on Jan. 1, 2020. In the wake of the CCPA's passage, approximately 15 other states introduced their own CCPA-like privacy legislation, and similar proposals are being considered at the federal level. Part One of this article covers how the CCPA applies to businesses — both in and outside California, the revenue threshold, proposed amendments and other open issues.
Part One of a Two-Part Article Responses to questions businesses frequently ask about the impacts of the CCPA. Implementation challenges inevitably will arise as a company works to apply these new requirements to its business practices. The time is now to start preparing for the CCPA, as well as for other new U.S. privacy laws that are likely to follow.
Including a managed document review vendor in your incident response plan is critical.
