DBR ON DATA

Security, Privacy and Information Governance

Category: Privacy



Page 2 of 16

Is There a “Tech” Bureau in the FTC’s Future?

Share

The Federal Trade Commission has focused some of its recent public statements on technology issues and related enforcement challenges. In this blog post, I provide a recap of those statements, including one before the House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection.

Continue reading

New Report Finds Health Care Industry Bears Highest Data Breach Costs

Share

Health care data breaches cost health care entities an average $408 per record– the highest of any industry for the eighth straight year, according to IBM and the Ponemon Institute’s 2018 Cost of a Data Breach Report, and three times higher than the cross-industry average of $148 per record. The cost for a health care data breach increased from last year’s reported average of $380 per record. Contributing factors to the high costs include compliance with laws and regulations and abnormally high churn rates due to consumer mistrust.

Continue reading

EU-US Privacy Shield Updates: Parliament Criticizes US Actions, and FTC Settlement with ReadyTech

Share

There were two recent noteworthy developments related to Privacy Shield from both sides of the Atlantic.

Continue reading

California Enacts Consumer Privacy Act

Share

The California Consumer Privacy Act’s swift passage is the result of a compromise reached between the backers of a ballot initiative and California legislators. There are similarities and differences between the Privacy Act and the European Union’s General Data Protection Regulation (GDPR) regime, but one thing that is common to both is the need for covered entities that collect or process the personal data of data subjects to understand what personal data is collected, why it is collected, how it is used, and with whom it is shared – in other words, core information governance principles.

The new law is the most comprehensive state privacy law passed to date. It will go into effect January 1, 2020 and comes on the heels of the GDPR which became effective on May 25, 2018.

Continue reading

Final Report on U.S. Government Policies and Public-Private Frameworks to Address Botnets, Security and Resiliency Challenges Released

Share

This post is part of a continuing DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.

The U.S. Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), has released the final report on enhancing the resilience of the Internet and communications ecosystem against botnets and automated distributed threats.

Continue reading

Singapore Taekwondo Federation Fined by Personal Data Protection Commission for Unauthorized Disclosure of Minors’ Information

Share

Singapore’s Personal Data Protection Commission recently found that the Singapore Taekwondo Federation violated Singapore’s Personal Data Protection Act (PDPA) by failing to protect minors’ personal data on its website.  The PDPA was enacted in 2012 to “govern the collection, use and disclosure of personal data by organisations in a manner that recognizes both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.”

Continue reading

« Older posts Newer posts »

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy