Privacy Update John L. Wood – Egerton, McAfee, Armistead & Davis, P.C.

Presentation transcript:

Privacy Update John L. Wood – Egerton, McAfee, Armistead & Davis, P.C. jlw@emlaw.com TSCPA – August 20, 2019 Copyright 2019 John L. Wood

Overview
- What are you protecting?
- United States Legal Requirements - Sectional
  - HIPAA
  - Gramm-Leach-Bliley
  - State notification laws
  - FTC enforcement
  - New State laws – California (Effective January 1, 2020)
- European Legal Requirements – Comprehensive
  - GDPR (Effective May 25, 2018)

FTC fines Facebook
- Facebook fined $5 billion for Cambridge Analytica leak
- Biggest fine in FTC history

All 50 States have notification laws
- California was first - September 25, 2002

Uber Failed to Notify
- September 2018 – Uber settled with all 50 states for failure to notify
- Uber paid 148 Million
- Tennessee received 1.7 million

Uber’s problem
- Uber stored personal information on Amazon Web Services
- A hacker downloaded the personal information of over 47 million individuals
- What did Uber do wrong?
  - Stored personal information in clear text
  - Allowed users to reuse credentials
  - Did not require multi-factor authentication

Uber’s Fix
- Uber paid the hacker $100,000
- Uber was assured the data was never leaked
- There is no indication that the data was ever leaked
- Uber failed to follow the notification laws

California Consumer Privacy Act (CCPA)
- Signed into law on June 28, 2018
- Takes effect January 1, 2020
- Key Principle – Users have control over their data

CCPA Private Information
- Names
- Addresses
- Email Address
- IP address
- Cookies
- Etc.

CCPA Application
- Notice (1798.130)
- Privacy Notice
- Right to Access (1798.100)
- Use of information must be disclosed (1798.110(c)(3))
- Information must be provided in portable format
- Right to be forgotten (1798.105)
- Right to opt out (1798.120)
- Cannot discriminate if rights are exercised (1798.125)
- Provide a link titled “Do Not Sell My Personal Information” (1798.135)
  - Allows the consumer to opt-out

CCPA Threshold
CCPA applies to a business that:
- Has annual gross revenues in excess of $25,000,000;
- Buys, receives, sells or shares the personal information of 50,000 or more consumers; or
- Derives 50 percent or more of its annual revenues from selling consumers’ personal information.

Disclosures
- Statutory damages $100 - $750 per consumer per incident
- Private right of action
- Class actions are allowed
- 30 day right to cure in some situations

Violations
- Actions brought by the California Attorney General
- Up to $7,500 for each violation

CCPA Amendments
California legislature is currently considering amendments to CCPA
- Bill 561 – Sought to expand private right of action beyond breaches
  - Did not pass
- Bill 753 – Would exclude advertising cookies from definition of sale
- Bill 846 – Would exclude customer loyalty programs

What should a business do?
- Change Your Approach to Personal Information
- The Consumer owns their data
- Build in consumer rights
  - Right to opt-out
  - Right to be forgotten
  - Right to Access/Portability
- Consider Do Not Sell My Information link

GDPR affects United States companies
- GDPR applies to any processor or controller that processes personal data of individuals who are in the European Union.
- May 25, 2018 Implementation

GDPR – Users control their data
- Right to rectification – right to correct personal data. Article 16
- Right to be forgotten – right to delete personal data. Article 17
- Right to restriction of processing. Article 18
- Right to be informed. Article 19
- Right to data portability. Article 20
- Right to object. Article 21
- Right not to be subject to automatic decision making. Article 22

GDPR – Users Consent
- Must have a legal basis to use personal data
- Consent is a legal basis
- Consent has to be separately given for each type of processing
- Consent cannot be required

GDPR lawsuits
- January 21, 2019 – Google fined $57 million
- Consent was not sufficiently informed
- Google received consent for all actions
- But, consent must be specifically given

Questions?