The CLOUD Act: significant changes to cross-border access to data held by communication-service providers

On March 23, 2018, the omnibus spending bill was signed into law; one portion of it contains the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The CLOUD Act’s main goal is to grant governments timely access to electronic data stored by communication-service providers (such as email service providers, certain cloud service providers and social media providers). The […]


Processing of personal data carried out on company e-mail accounts shall be necessary and proportional

On February 1, 2018, the Garante per la Protezione dei Dati Personali, the Italian Data Protection Authority (DPA), prohibited an Italian company from storing employees’ corporate emails for an indefinite period. This would violate the principles of lawfulness, necessity, and proportionality established by the Privacy Code. The DPA explained that the company – instead of implementing […]


NJ AG states “having a good handle on your own cybersecurity is not enough”: vendors’ security must be vetted as well

UPDATE: The Attorney General’s office also filed charges against the transcription service, ATA Consulting LLC, operating as Best Medical Transcription. In November 2018, Best Medical Transcription settled allegations related to a 2016 security lapse that made public — through Google web searches — the medical records of 1,654 patients treated by Virtua Medical Group […]


CIPL publishes factsheet on shared concept between GDPR and ePrivacy Regulation

On March 20, 2018, the Centre for Information Policy Leadership (“CIPL”) issued a factsheet on the GDPR’s provisions that are most likely to be relevant for the negotiations of the proposed ePrivacy Regulation. The Factsheet explains key GDPR concepts relevant to the ePrivacy Regulation, including: definitions of GDPR’s terms, such as personal data, data processing and the role of […]


South Dakota’s data breach notification statute

On March 21, 2018, South Dakota adopted a data breach notification statute. According to the South Dakota Statute, any “information holder” must comply. An “Information holder” is any person or business that conducts business in South Dakota and owns or licenses “personal information” or “protected information” of residents of South Dakota. The statute is added […]


FTC publishes 2017 Privacy & Data Security report

The Federal Trade Commission (FTC) issued its 2017 Privacy & Data Security Update. The annual report summarizes the year’s privacy and data security enforcement actions, advocacy, workshops and guidance. Among the FTC’s 2017 privacy and security actions announced are the first actions enforcing the EU-U.S. Privacy Shield framework. The 2017 Privacy & Data Security update […]


ICO publishes Data Protection Impact Assessments (DPIAs) guidance

On March 22, 2018, the Information Commissioner’s Office (ICO) – the U.K. Data Protection Authority – published detailed guidance for UK organizations on data protection impact assessments (DPIAs) under the GDPR to help companies identify and minimize the data protection risks of projects. The content of this detailed guidance is subject to public consultation, […]


List of GDPR Guidelines prepared by WP29

Finalised GDPR Guidelines
– Guidelines on Data Protection Officers (DPO), more here;
– Guidelines on the right to data portability, more here;
– Guidelines for identifying a controller or processor’s Lead Supervisory Authority, more here;
– Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk”, […]


Italian Council of Ministers’ preliminary approval of GDPR’s “harmonization” decree

The Italian Council of Ministers preliminarily approved a legislative decree (in furtherance of Parliament’s delegation Law October 25 2017, no. 163), containing provisions to amend domestic law in compliance with the GDPR. In fact, effective May 25, 2018, Legislative Decree June 30, 2003 no. 196 will be abrogated and the GDPR will be immediately into […]


FTC ready to settle with PayPal over Venmo’s failure to disclose information to consumers about funds transfers and privacy settings

On February 27, 2018, the Federal Trade Commission (FTC) announced that it reached a settlement with PayPal, Inc. over allegations that the company failed to make adequate disclosures regarding its Venmo peer-to-peer payment service. According to the FTC’s complaint, Venmo misled consumers about the extent to which they could control the privacy of their transactions. By […]

