Showing 17 posts in Data Privacy.
2021 may be the year that privacy legislation explodes across the US. Already, several states including New York, Virginia, and Washington have introduced some form of privacy legislation (many are re-introducing bills that did not pass in 2020).
Many businesses devoted substantial resources to privacy compliance in 2020, thanks to the California Consumer Privacy Act (CCPA). They will be rewarded for that effort: during the fall election, Californians approved a ballot initiative that will strengthen the CCPA, dedicate billions of state dollars to privacy enforcement, and create a new enforcement agency for personal privacy rights.
News emerged this week that the Irish data authority will order Facebook to stop use in the US of data and information about Irish residents. This development is part of a long-running saga between the EU and the US about what constitutes “adequate” protection of personal data about European individuals. If your company has employees, customers, or suppliers in Europe and relies on contracts, government certification, or other formal mechanisms to allow you to use data about those individuals on systems located in the US, the Facebook news and related issues may be relevant.
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning regarding a new “voice phishing” scam arising from the massive shift to teleworking during the pandemic. Under the new scheme, threat actors posing as the company IT department call workers and request usernames and passwords for the company’s systems in order to log into a new VPN link. The “bad guys” then have access to the company’s existing VPN and log in as if they are legitimate employees.
The Covid -19 pandemic has brought into focus issues relating to workplace health and safety and their interplay with employee privacy. An employer is required to maintain a safe workplace pursuant to the Occupational Safety and Health Act (“OSH Act”).
The temperature is rising in the data breach arena. Clearview AI, which produces facial recognition technology widely used by law enforcement, suffered a massive data breach last month.
The California Attorney General, complying with the terms of the California Consumer Privacy Act (“CCPA”), has released a new draft version of implementing regulations for that Act.
Every crisis is an opportunity for bad guys, it seems. The FTC issued a warning yesterday that can be found here.
It is a good idea to remind employees that they may see an upsurge in scam activity due to current events and remind them about personal and professional vigilance.
The spread of corona virus is making headlines for economic, health, and political reasons. Business-focused news also makes note of the impact of corona on international corporate travel planning. One other aspect of corona is worth noting for companies with international operations, however: data privacy. Many companies abroad are asking employees to declare whether they have been tested for corona, and/or what the test results show.
With the EU’s new privacy rules (GDPR) that took effect earlier this year, the California Consumer Privacy Act that takes effect January 1st, 2020, and the clamor for a federal data privacy law in the United States, it is increasingly clear that privacy will not, in the future, be an optional part of business operations.