Posted by fgilbert on October 19th, 2015

The Fall season often brings changes to California laws, and this year is no exception. Once again, the California Security Breach Disclosure Laws have been amended. During the first half of October, California Governor Jerry Brown signed three bills amending the State’s Security Breach Disclosure Laws. These amendments will be effective as of January 1, […]

Posted by fgilbert on October 16th, 2015

The long awaited reaction of the Working party to the ruling of the Court of Justice of the European Union (CJEU) in the Schrems and Facebook case in now public. Late on October 15, the Article 29 Working Party published a statement outlining its first response to the landmark ruling. The Working Party’s statement summarizes the group’s evaluation of […]

Posted by fgilbert on October 16th, 2015

  In a 35-page ruling, published on October 6, 2015, the Court of Justice of the European Union has declared the EU-US Safe Harbor invalid. This means that the data transfers between European companies and the 4500+ US companies that have self-certified to their adherence to the EU-US Safe Harbor principles no longer have a […]

Posted by fgilbert on April 6th, 2015

Companies that do business in Russia or with Russia residents have been struggling to understand the Federal Law No. 242-FZ (“Data Localization Law”).  The law, passed in July 2014, contains a series of amendments to Russian laws to “Specify the Procedure for Personal Data Processing by Information and Telecommunications Networks.” The need to understand the […]

Posted by fgilbert on January 2nd, 2015

The “Privacy Rights for California Minors in the Digital World Act” came into effect as of January 1, 2015. Business & Professions Code §22581 creates a “right of erasure” which has numerous similarities with the “right to be forgotten” or “right of erasure” that is written into the proposed EU Data Protection Regulation. The California […]

Posted by fgilbert on November 26th, 2014

The Article 29 Working Party (WP29) has adopted Right to Be Forgotten Guidelines, to help Data Protection Authorities in the implementation of the May 13, 2014 judgment of the Court of Justice of European Union (CJEU) in the case Google Spain SL and Google Inc. v Agencia Espanola de Proteccion de Datos (AEPD) and Mario […]

Posted by fgilbert on October 1st, 2014

I recently participated in a discussion about the difference between “privacy” and “data protection.” My response was “it depends.” It depends on the country. It may also depend on other factors. When some countries use the term “privacy,” they may mean the same thing or refer to the same principles as what other countries identify […]

Posted by fgilbert on September 17th, 2014

The Federal Trade Commission has announced a proposed settlement with Yelp, Inc. for COPPA violations. The FTC alleged that, for five years, Yelp illegally collected and used the personal information of children under 13 who registered on its mobile app service. According to the FTC complaint, Yelp collected personal information from children through the Yelp […]

Posted by fgilbert on September 8th, 2014

The Enforcement Bureau of the Federal Communication Commission (FCC) reached a $7.4 million settlement with Verizon on September 3, 2014, after an investigation into the company’s use of customers’ personal information for marketing purposes. This $7.4 million fine is the largest such payment in FCC’s history for settling an investigation related solely to the privacy […]

Posted by fgilbert on June 23rd, 2014

Security breaches affecting electronic records have taken such a preeminent place on the first page of our daily news reports that it might be easy to forget that paper records may contain information that is just as sensitive and deserves just as much attention. An HHS action against Parkview Health System, Inc., a non-profit Indiana […]