Privacy Compliance & Data Security
The Latest Developments in Global Data Privacy Law, and Data Breach Prevention and Response
Blog Authors
Latest from Privacy Compliance & Data Security
Employees Are People Too — And Not Just in California
I recently had the pleasure of speaking with the Atlantic County Bar Association. Here are some of the key takeaways from my presentation:
Employees are “consumers” under the California Consumer Privacy Act. It requires:
- Privacy notice (employee and applicant) is required (and a good idea) for all jurisdictions.
- Privacy rights like access, deletion (which are
…
All Pixels Are Not Created Equal
To paraphrase Animal Farm, all pixels are not created equal, but some pixels are more privacy invasive than others.
Here are some recent points I made during a presentation to some of my firm’s litigators:
- Litigation on tracking pixels is spreading like wildfire. The claims are under various laws, causes of action and states.
- Many
…
CPPA and Data Brokers: What You Need to Know
The California Privacy Protection Agency is going after data brokers.
The CPPA board voted earlier this month to adopt new regulations regarding data broker registration requirements. If approved, the regulations will become effective by Jan. 1, 2025.
Key issues that we are discussing with clients that buy and sell data:
- A business is still a
…
Tracking Pixels, Australia and What It Means for the U.S.
The Office of the Australian Information Commissioner recently issued practical guidance on how to deploy tracking technologies (pixels) in a privacy compliant manner under the Australian Privacy Law.
This can serve as a helpful guide for our U.S.-based clients too.
Before entering into a contract with a third-party pixel provider:
- Conduct a privacy impact assessment
…
Web Scraping: 16 Data Protection Authorities Say Controllers Need to Protect Their Properties
Sixteen data protection authorities recently confirmed that controllers must protect their properties from web scraping. And that includes web scraping for the purpose of training AI.
Here are some takeaways from the latest statement, which is a follow up to a previous statement 12 data protection authorities issued last year.
- All companies, not just social
…
The Ethical Use of AI and the DOL: What You Need to Know
The U.S. Department of Labor recently released new principles on the ethical use of artificial intelligence.
Here are some of the things we are working on with employers and other clients, including tech developers.
Employers:
- Involve employees early and regularly in the adoption and use of AI.
- Bargain in good faith with employee unions
…
Chatbot Do’s and Don’ts for Restaurants (and Beyond)
I recently sat down with the Restaurant Technology Network to discuss some of the many concerns people have regarding chatbots, and the legislation that governs them.
Here are some of the key points we talked about:
- Know your bot: If you are using a bot/AI bot, you need to tell people that they are not
…
Quantum Data Protection Challenges Are Coming
The United Kingdom’s Information Commissioner’s Office recently issued a report on Quantum technologies and data protection.
What are we discussing with clients?
- From an information security perspective: Companies should be adopting post-quantum cryptography technologies to address the new risks.
- From a privacy perspective: Organizations should continue ensuring that their data privacy teams have a solid
…
Generative AI and California Health Care Facilities: What You Need to Know About AB 3030
Governor Gavin Newsom recently signed AB 3030, a California bill intended to regulate the use of generative AI by health care facilities in the state.
This is some of what we are discussing with our healthcare clients:
Who is in scope?
A health facility, clinic, physician’s office or group practice office that uses generative artificial…