The California Consumer Privacy Act’s swift passage is the result of a compromise reached between the backers of a ballot initiative and California legislators. There are similarities and differences between the Privacy Act and the European Union’s General Data Protection Regulation (GDPR) regime, but one thing that is common to both is the need for covered entities that collect or process the personal data of data subjects to understand what personal data is collected, why it is collected, how it is used, and with whom it is shared – in other words, core information governance principles.
The new law is the most comprehensive state privacy law passed to date. It will go into effect January 1, 2020 and comes on the heels of the GDPR which became effective on May 25, 2018.
Singapore’s Personal Data Protection Commission recently found that the Singapore Taekwondo Federation violated Singapore’s Personal Data Protection Act (PDPA) by failing to protect minors’ personal data on its website. The PDPA was enacted in 2012 to “govern the collection, use and disclosure of personal data by organisations in a manner that recognizes both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.”
© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.