Data Retention

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Privacy World’s Kristin Bryan talks to Bloomberg Law on the Supreme Court’s In re Grand Jury Dismissal | Privacy World

Privacy World has been talking about the importance of data inventories for years. Why? Because it is next to impossible to build a compliant privacy and data security program without first doing a data inventory. A data inventory will serve as a roadmap to help a company meet various privacy and security compliance milestones. Yet, completing a data inventory is one of the hardest and most daunting parts to building a privacy program. At least it was for Katy when she was in-house as a Global Data Protection Officer. The alternative to proactively creating a data inventory is trying to hastily create one during the middle of an incident response or responding to a regulatory demand, which Katy and Shea have seen numerous times helping clients during a crisis. Indeed, building a data inventory during a time of turmoil is the worst time to confirm a company’s data processing practices, and we want to help you avoid this worst-case scenario as you work to build out your 2023 privacy and data security compliance action plan.
Continue Reading Kick Start Your Data Inventory Project in 7-Steps

In a decision on October 27, 2022, the European Court of Justice has clarified the operators’ obligations regarding consent and the right to object in relation to public directories and information services.

Legal Context

The ePrivacy Directive contains several provisions relating to public directories and information services of telecommunications operators.

In particular, EU Member States

Biometric privacy suits brought under the Illinois Biometric Information Privacy Act (“BIPA”) continue to remain one of the hottest areas of class action litigation today, which can be attributed primarily to the fact that high statutory damages awards can be recovered by large classes of employees, consumers, and similar groups of individuals for mere technical violations of the law. To further compliance matters, many BIPA decisions issued to date have skewed heavily in favor of plaintiffs, which has resulted in a significant expansion of potential litigation risk under the statute. 

In Mora v. J&M Plating, Inc., No. 2-21-0692, 2022 IL App (2d) 210692 (Ill. App. Ct. 2d Dist. Nov. 30, 2022), the Illinois Second District Court of Appeals continued the trend of plaintiff-favorable BIPA decisions in 2022, holding that private entities run afoul of BIPA’s Section 15(a) data retention and destruction disclosure requirements where they fail to have in place a BIPA-compliant data retention/destruction disclosure at the time biometric data is initially possessed, and that subsequent disclosures cannot serve retroactively to remedy prior violations of this component of the law. Importantly, Mora underscores the need for companies to ensure they have satisfied all of the applicable requirements of BIPA prior to the time any biometric data is collected or possessed in order to mitigate the sizeable legal risks associated with legal non-compliance.  

Continue Reading Illinois Appellate Court Issues Key, Plaintiff-Favorable Opinion On BIPA Data Retention Disclosure Requirements 

Welcome to the 2022 Q3 edition of the Artificial Intelligence & Biometric Privacy Report, your go-to source for keeping you in the know on all recent major artificial intelligence (“AI”) and biometric privacy developments that have taken place over the course of the last three months. We invite you to share this resource with your colleagues and visit Squire Patton Boggs’ Data Privacy, Cybersecurity & Digital Assets and Privacy & Data Breach Litigation homepages for more information about our capabilities and team.

Also, we are extremely pleased to announce that our own Kristin Bryan was named as a 2022 Law360 Cybersecurity & Privacy MVP. As Law360 notes, “[t]he attorneys chosen as Law360’s 2022 MVPs have distinguished themselves from their peers by securing hard-earned successes in high-stakes litigation, complex global matters and record-breaking deals.” You can read more about Kristin’s Law360 award here: Law360 MVP Awards Go to 188 Attorneys From 78 Firms.

Continue Reading 2022 Q3 Artificial Intelligence & Biometric Privacy Report

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

WEBINAR Federal Privacy Legislation: Within Reach After a Decade of Debate. If So, What Next?

Federal Court Dismisses Biometric

A federal court recently sanctioned defendants for spoilation of evidence in litigation. In doing so, the Court rejected the Defendant’s argument that they changed their data settings in good faith to align with the California Consumer Privacy Act of 2018 (“CCPA”) and the International Standard of Operation Compliance (“ISO”). 2022 U.S. Dist. LEXIS 178233 (N.D. Ohio Sep. 29, 2022). Read on to learn more.

Continue Reading Federal Court Sanctions Company for Spoilation of Evidence Over Arguments Data Settings Changed to Comply with CCPA and ISO Requirements

Burn After Reading is a black comedy spy movie by the Coen brothers. It could also be an extreme encapsulation of the core of data retention rules applicable to communications providers: data should only be kept for as long as:

  • There is an administrative need to keep it to carry out your business or support functions (e.g. billing); or
  • It is required to demonstrate compliance for audit purposes or for legislative requirements (e.g. in case of an order to intercept communications for law enforcement).


Continue Reading Burn After Reading… Data Retention Compliance

CPW’s Kristin Bryan was recently interviewed about “BIPA and Forthcoming Changes to Biometric Privacy Laws” on the LexisNexis Practical Guidance Podcast’s third episode of the Data Privacy Series. During her interview with Kevin Hylton, who hosts the podcast, Kristin sets the stage for the rise in BIPA class action claims in areas such

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Profiling and Automated Decision-Making: How to Prepare in the Absence of Draft CPRA Regulations | Consumer Privacy World

Protecting