Tag Archives for " US "

The California Consumer Privacy Act of 2018 is not at all like the GDPR

There seems to be a rise in fearmongering about the next big potential privacy legislation on the horizon after GDPR – the California Consumer Privacy Act of 2018. Consultants, bloggers, and, sadly, some well-respected law firms, have hyped the initiative as “very similar to the GDPR,” and a “sweeping, GDPR-like privacy regime.”

However, the California Consumer Privacy Act of 2018 is not like the GDPR. The Act is not an “act” at all – it is an initiative that may appear on the ballot in California during the November elections. And while the ballot initiative proposes some interesting, and arguably misguided, privacy requirements, few of those requirements have any analog within the GDPR. Furthermore, equating the California initiative to the GDPR masks its real aim, purpose, and danger.

Read full article: Bryan Cave – Stop the hype! The California Consumer Privacy Act of 2018 is not at all like the GDPR

LIBE votes for Privacy Shield’s suspension: What does it mean?

On June 11, the EU Parliament’s Civil Liberties Committee (LIBE) voted on the current international data-transfer agreement between the EU and U.S. and passed its resolution, 29 to 25, to ask the European Commission to suspend Privacy Shield until the U.S. authorities comply with its terms in full.

Parliament is likely to vote on the resolution in July, and the question is whether it will agree with LIBE’s position.

Source: LIBE votes for Privacy Shield’s suspension: What does it mean?

White House says its federal agencies can’t keep track of their own data

Most federal agencies have no way of effectively detecting when data is stolen, found a new, 22-page report published by the White House Office of Management and Budget last week. 73 percent of federal agency programs simply can’t detect when large amounts of information leave their networks.

The report says there were more than 30,000 cyber attacks on the federal government in 2016 that resulted in lost information and compromised systems, but in 38 percent of those attacks (nearly 12,000 of the incidents), the government had no idea where the attacks came from or how they got into the systems.

Source: White House says its federal agencies can’t keep track of their own data

NIST updates its Risk Management Framework

The US National Institute of Standards and Technology (NIST) has published a draft update to its Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. The update to NIST Special Publication 800-37 (Revision 2) responds to the call by the Defense Science Board, Executive Order 13800, and OMB Memorandum M-17-25 to develop the next-generation Risk Management Framework (RMF) for information systems, organizations, and individuals. A public comment period for this draft document is open until June 22, 2018.

Source: SP 800-37 Rev. 2 (DRAFT), RMF: A System Life Cycle Approach for Security and Privacy | CSRC

GDPR lacks clarity and threatens transatlantic trade

A lack of clarity around how new EU data protection laws apply poses a threat to EU-US trade, the US secretary of commerce has said.

“GDPR creates serious, unclear legal obligations for both private and public sector entities, including the US government. We do not have a clear understanding of what is required to comply. That could disrupt transatlantic co-operation on financial regulation, medical research, emergency management co-ordination, and important commerce,” he said.

Source: GDPR lacks clarity and threatens transatlantic trade, says Ross

Facebook accused of conducting mass surveillance through its apps

Facebook used its apps to gather information about users and their friends, including some who had not signed up to the social network, reading their text messages, tracking their locations and accessing photos on their phones, a court case in California alleges.

Source: Facebook accused of conducting mass surveillance through its apps | Technology | The Guardian

Jourova to press for EU-US data sharing deal

EU justice chief Vera Jourova will push for a new data access agreement with the United States when she meets with her American counterpart next week, amid growing transatlantic tensions over issues including the Iran nuclear agreement and trade.

Source: Jourova to press for EU-US data sharing deal next week – EURACTIV.com

US court cases reflect ‘social shift’ in how data is viewed

Two recent decisions in two different federal appeals courts regarding who has the right to sue over data breaches reflect a “social shift” in how “we view our data,” according to an attorney specializing in privacy law.

Source: Recent decisions to grant standing in data breach cases reflects ‘social shift’ in how data is viewed | Cook County Record

Why the ‘encryption exception’ may be over used

The EU General Data Protection Regulation and some U.S. state laws provide the “encryption exception” – it can be used to exempt a company from breach reporting and notification obligations if data was encrypted and the key had not also been compromised.

The reasoning is that encryption preserves confidentiality – even for stolen data – by rendering it unreadable. But it’s not really true.

Source: Why the ‘encryption exception’ may be over used
