The entertainment industry is intensely focused on data collection and analytics as it seeks to maximize the exploitation of digital content. Just as those of us in the privacy field had begun to have a slight breather as much of the heavy lifting on the GDPR was finally behind us, lawmakers in California have passed the California Consumer Privacy Act of 2018 (CCPA).
Ostensibly, GDPR's mission is to strengthen and unify the EU's protection of online privacy rights and promote data protection for citizens of the 28 countries currently in the EU. In the global economy, however, GDPR serves as an alarm to all countries with business flowing across Europe and well beyond. Where business flows, data follow.
Colorado recently adopted a new law expanding companies' obligations in the event of a cybersecurity incident, and establishing new data security and disposal obligations. Recent announcements by the SEC likewise emphasize important responsive points for both companies and their personnel in the wake of an incident. Five key takeaways from these developments are highlighted in this article.
Emerging technologies and regulations have the power to create, shape or kill businesses. For the entertainment industry, the European Union's (EU) General Data Protection Regulation (GDPR) and blockchain technology each embody forces that have the potential for profound impact. Taken in tandem, the GDPR and blockchain highlight the possibilities and pitfalls of disruption and the importance of cross-organizational collaboration in compliance and innovation initiatives.
In a nutshell, GDPR mandates that individuals have access and control over the use and maintenance of their data in certain circumstances, while the foundation of blockchain relies on the immutability of data. On the surface, these concepts seem in direct conflict with each other. This article discusses the points where GDPR and blockchain share common ground, where conflicts may exist and possible approaches for mitigating those conflicts.
At both a personal and corporate level, there are huge gains to be made in protecting against data breaches. The fact is that well-implemented client-side encryption — where the corporate user keeps their own key rather than entrusting a third party to guard their sensitive information — is the only sure way to guarantee data privacy when storing data on other people's servers.
Part Two of a Two-Part Article
In Part One of this article last month, we began a discussion designed to demystify the hesitations behind cloud security and analyzed the fast-growing transformation to a range of newer technical approaches with important consequences for legal practice. This month we continue the discussion by tackling the security and legal implications of the mass transformation of enterprise IT to cloud services from leading providers such as AWS and Azure.
As rapid technological changes in the 21st century continue to expand the types and volume of private electronic information, the Fourth Amendment's privacy protections are evolving. The critical question in Fourth Amendment cases is whether a person has a “reasonable expectation of privacy in the information or event.”
Building an Intelligence-Led Program
With reports of major breaches surfacing with alarming frequency, boards and C-Level management are now looking to counsel to implement programs that help the corporation prepare for, quickly recover and reduce fallout from, inevitable cyber incidents. In-house counsel is facing growing responsibility to minimize damage to the corporate reputation, loss of key data, and legal and regulatory penalties. And many worry their organization is stuck in a game of catch-up.
If the U.S. cannot come to an understanding with the European Parliament by September 1, companies that already participate in Privacy Shield may find themselves in limbo. But there are options.
