The guidelines on Transparency under Regulation 2016/679 provide practical guidance and interpretative assistance from the Article 29 Working Party (WP29) on the new obligation of transparency concerning the processing of personal data under the General Data Protection Regulation (GDPR). Transparency is an overarching obligation under the GDPR applying to three central areas: (1) the provision […]
The Guidelines on consent under Regulation 2016/679 provide a thorough analysis of the notion of consent. Controllers must always consider which one is the appropriate lawful ground for the processing. Consent remains one of six lawful bases to process personal data, as listed in Article 6, GDPR. The data subject shall have a genuine choice […]
EPTL Article 13-A was enacted in September of 2016 and directly addresses the ability of a fiduciary (i.e., executor, agent, trustee, guardian) to access digital asset Article 13-A – ADMINISTRATION OF DIGITAL ASSETS SUMMARY OF ARTICLE Part 1 – (13-A-1) DEFINTIONS Part 2 – (13-A-2.1 – 13-A-2.4) APPLICABILITY, PROCEDURE FOR DICLOSURE, USER DIRECTIONS Part 3 – (13-A-3.1 – […]
Tags: DATA PROTECTION
The Computer Fraud and Abuse Act (CFAA) is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without authorization, or in excess of authorization.
Tags: US PRIVACY
The Stored Communication Act (SCA), codified at 18 U.S.C. Chapter 121 §§ 2701–2712 is a law that addresses voluntary and compelled disclosure of “stored wire and electronic communications and transactional records” held by third-party internet service providers (ISPs). Below a list of the relevant sections 2701 – Unlawful access to stored communications 2702 – Voluntary […]
Tags: US PRIVACY
On March 21, 2018, South Dakota adopted a data breach notification statute. According to the South Dakota Statute, any “information holder” must comply. An “Information holder” is any person or business that conducts business in South Dakota and owns or licenses “personal information” or “protected information” of residents of South Dakota. The statute is added […]
Tags: DATA PROTECTION
The Italian Council of Ministers preliminarily approved a legislative decree (in furtherance of Parliament’s delegation Law October 25 2017, no. 163), containing provisions to amend domestic law in compliance with the GDPR. In fact, effective May 25, 2018, Legislative Decree June 30, 2003 no. 196 will be abrogated and the GDPR will be immediately into […]
The Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, wp248rev.01, are available at here. The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account among others […]
On July 21, 2017, New Jersey adopted the “Personal Information and Privacy Protection Act.” According to the law, retailers may scan an ID card only under certain circumstances. By “scanning” the law means to access the barcode or any other machine-readable section of the card “with an electronic device capable of deciphering, in an electronically […]
Tags: DATA PROTECTION, US PRIVACY
On May 11, 2017, the Administration Trump issued an executive order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The executive order contains three sections. The first section deals with cybersecurity of federal networks. Agencies shall implement the NIST framework for risk management and risk reduction, federal IT for shared services shall use the […]
Tags: DATA PROTECTION