Privacy Update
John L. Wood – Egerton, McAfee, Armistead & Davis, P.C.
TSCPA – August 20, 2019
Copyright 2019 John L. Wood
Overview
What are you protecting?
United States Legal Requirements - Sectional
- HIPAA
- Gramm-Leach-Bliley
- State notification laws
- FTC enforcement
- New State laws – California (Effective January 1, 2020)
European Legal Requirements – Comprehensive
- GDPR (Effective May 25, 2018)
FTC fines Facebook
- Facebook fined $5 billion for Cambridge Analytica leak
- Biggest fine in FTC history
All 50 States have notification laws
- California was first - September 25, 2002
Uber's Failure to Notify: 148 Million
- September 2018 – Uber settled with all 50 states for failure to notify
- Uber paid $148 million
- Tennessee received $1.7 million
Uber's problem
- Uber stored personal information on Amazon Web Services
- A hacker downloaded the personal information of over 47 million individuals
What did Uber do wrong?
- Stored personal information in clear text
- Allowed users to reuse credentials
- Did not require multi-factor authentication
Uber's Fix
- Uber paid the hacker $100,000
- Uber was assured the data was never leaked
- There is no indication that the data was ever leaked
- Uber failed to follow the notification laws
California Consumer Privacy Act (CCPA)
- Signed into law on June 28, 2018
- Takes effect January 1, 2020
- Key Principle – Users have control over their data
CCPA Private Information
- Names
- Addresses
- IP address
- Cookies
- Etc.
CCPA Application
- Privacy Notice (1798.130)
- Right to Access (1798.100)
  - Use of information must be disclosed ( (c)(3))
  - Information must be provided in portable format
- Right to be forgotten ( )
- Right to opt out ( )
- Cannot discriminate if rights are exercised ( )
- Provide a link titled "Do Not Sell My Personal Information" ( ); allows the consumer to opt out
CCPA Threshold
CCPA applies to businesses that:
- Have annual gross revenues in excess of $25,000,000;
- Buy, receive, sell or share the personal information of 50,000 or more consumers; or
- Derive 50 percent or more of their annual revenues from selling consumers' personal information.
Disclosures
- Statutory damages $100 - $750 per consumer per incident
- Private right of action
- Class actions are allowed
- 30-day right to cure in some situations
Violations
- Actions brought by the California Attorney General
- Up to $7,500 for each violation
CCPA Amendments
California legislature is currently considering amendments to CCPA:
- Bill 561 – Sought to expand private right of action beyond breaches; did not pass
- Bill 753 – Would exclude advertising cookies from definition of sale
- Bill 846 – Would exclude customer loyalty programs
What should a business do?
Change Your Approach to Personal Information
- The consumer owns their data
- Build in consumer rights:
  - Right to opt out
  - Right to be forgotten
  - Right to Access/Portability
- Consider a Do Not Sell My Information link
GDPR affects United States companies
- GDPR applies to any processor or controller that processes personal data of individuals who are in the European Union.
- May 25, 2018 Implementation
GDPR – Users control their data
- Right to rectification – right to correct personal data (Article 16)
- Right to be forgotten – right to delete personal data (Article 17)
- Right to restriction of processing (Article 18)
- Right to be informed (Article 19)
- Right to data portability (Article 20)
- Right to object (Article 21)
- Right not to be subject to automatic decision making (Article 22)
GDPR – User Consent
- Must have a legal basis to use personal data
- Consent is a legal basis
- Consent has to be separately given for each type of processing
- Consent cannot be required
GDPR lawsuits
- January 21, 2019 – Google fined $57 million
- Consent was not sufficiently informed
- Google received consent for all actions
- But consent must be specifically given
Questions?