- “Data principal” means a data subject.
- “Data fiduciary” means
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
The French CNIL’s New Guidance on Whistleblowing | Privacy World
SEC Adopts Final Cybersecurity Risk Management and Incident Disclosure Regulations
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
The French CNIL’s New Guidance on Whistleblowing | Privacy World
SEC Adopts Final Cybersecurity Risk Management and Incident Disclosure Regulations
The French CNIL’s New Guidance on Whistleblowing
The French National Commission on Informatics and Liberty (CNIL) – the French data-protection authority – finally updated its standard of best practice on whistleblowing in July 2023, to accompany the significant changes introduced to the whistleblower protection regulation in the second half of 2022.Continue Reading The French CNIL’s New Guidance on Whistleblowing
Singapore Consults on Personal Data Guidelines for AI
On 18 July 2023, Singapore’s Personal Data Protection Commission (PDPC) issued a proposed set of advisory guidelines (Guidelines), to offer clarification on how Singapore’s comprehensive data protection law, the Personal Data Protection Act (PDPA), would apply to the processing of personal data in the design, development and deployment of AI systems.
The Guidelines are intended to be advisory in nature, i.e. not legally binding, and will instead govern how the PDPC will interpret, apply and enforce the PDPA in the contexts where personal data is used in or for AI systems that embed machine learning models to make decisions, recommendations or predictions.Continue Reading Singapore Consults on Personal Data Guidelines for AI
Illinois Supreme Court Refuses to Reconsider Decision That BIPA Claims Accrue Individually with Each Violation
Earlier this week, the Illinois Supreme Court denied a petition for rehearing of its decision in Cothron v. White Castle, a case which has tremendous implications on the effect of Illinois’s Biometric Information Privacy Act (“BIPA”). As previously covered here on PW, the Court’s decision in February concluded that that each separate incident which is a violation of BIPA constitutes a distinct and separately actionable violation of the statute. In other words, plaintiffs may seek to collect liquidated damages per violation—$1,000 per violation, $5,000 per intentional/reckless violation—instead of per plaintiff, even if a plaintiff alleges daily violations over the course of years. This week’s ruling leaves in place the Cothron decision and its exponential expansion of the scope of damages that may be sought by an individual plaintiff.Continue Reading Illinois Supreme Court Refuses to Reconsider Decision That BIPA Claims Accrue Individually with Each Violation
The Close of the Javier Saga
Last month, a district court in the Northern District of California delivered a fatal blow to the Javier saga, dismissing his claim with prejudice. Javier v. Assurance IQ, LLC, No. 20-CV-02860-CRB, 2023 WL 3933070 (N.D. Cal. June 9, 2023). As we previously reported, the court’s holding concludes a drawn-out dispute on a website
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review
NYDFS Revises Its Proposed Amendments to Cybersecurity Regulations
As we reported in a previous blog post, the New York Department of Financial Services (“NYDFS”) proposed a raft of amendments to its landmark Cybersecurity Regulations (the “Regulations”) in 2022 (the “2022 Proposed Amendment”), adding substantial complexity to covered entities’ compliance obligations. Now, less than a year later, the NYDFS has published a proposed revised draft of the 2022 Proposed Amendment (as revised, the “2023 Proposed Amendment”). While not as extensive as the 2022 Proposed Amendment, the 2023 Proposed Amendment will nevertheless have a significant impact on how your organization complies with the Regulations.Continue Reading NYDFS Revises Its Proposed Amendments to Cybersecurity Regulations
Texas Two-Steps into the Childrens Privacy Dance: The Securing Children Online through Parental Empowerment Act
With Gov. Abbot’s recent signing of the Securing Children Online through Parental Empowerment Act (SCOPE Act), Texas joins Arkansas and Utah (see our blogs here and here) in requiring age verification and parental consent before allowing minors to create accounts on social media platforms. Two key differences among these laws are (i) the SCOPE Act’s scope, which is broader than the other two state laws; and (ii) the duty imposed by the SCOPE Act to prevent harm to minors by preventing their exposure to “harmful material.” To define “harmful material,” the SCOPE Act borrows from a different Texas law which defines it as material that “taken as a whole” (i) appeals to the prurient interest of a minor in sex, nudity, or excretion, (ii) is patently offensive to prevailing standards in the adult community as a whole with respect to what is suitable for minors, and (iii) is utterly without redeeming social value for minors.Continue Reading Texas Two-Steps into the Childrens Privacy Dance: The Securing Children Online through Parental Empowerment Act