Although the California Consumer Privacy Act (CCPA) does not explicitly require that businesses engage in data mapping or relationship mapping, they probably won’t be able to develop effective CCPA compliance strategies without having both. Businesses that have engaged in data mapping in preparation for GDPR compliance will be able to leverage some of that work.
Singapore’s Personal Data Protection Commission (PDPC) issued a statement on March 1 announcing its plan to introduce mandatory breach notifications as part of a set of proposed amendments to the country’s Personal Data Protection Act (PDPA). The proposed amendments come in response to the PDPC’s recent review of the PDPA in order “to ensure that it keeps pace with the evolving needs of businesses and individuals, and balances safeguarding individuals’ interests and enables the legitimate use of personal data by organisations.” The details of the mandatory breach notification have not yet been made public, but the amendment will likely require organizations to notify the PDPC and affected data subjects when a certain level of breach has occurred.
Continue reading “Coming Soon to Singapore: Mandatory Data Breach Notifications”
A spotlight has been placed on the need for a chief data officer (CDO) in public sector agencies through both recent legislation and recommendations made in other recent reports and initiatives.
The end of February marked the beginning of Drinker Biddle’s nine-part webinar series on the new California Consumer Privacy Act of 2018 (CCPA) — one of the most significant data privacy laws in the United States.
Compliance with the new law will require considerable knowledge and effort. Our webinar series delves into the complex details and strategies that companies doing business in the state need to know. The series will feature a panel of CCPA professionals from Drinker Biddle’s Information Privacy, Security and Governance team, including Peter Blenkinsop, Jeremiah Posedel, Reed Abrahamson, and others.
The first webinar held on February 27 provided a comprehensive overview of the CCPA, including the obligations and limitations imposed on businesses that collect and process personal data of California residents, the rights of such residents, and the enforcement mechanisms and potential penalties available under the act. The DBR team also highlighted some key open issues that will hopefully be addressed or clarified by California regulators before the law becomes operative on January 1, 2020. For those who were unable to attend, a recording of the webinar and a copy of the presentation materials are available here.
The Federal Trade Commission has opened up public comments for their upcoming Hearings on Competition and Consumer Protection in the 21st Century.
The hearings will take place during the fall and winter 2018 and will examine “whether broad-based changes in the economy, evolving business practices, new technologies, or international developments might require adjustments to competition and consumer protection enforcement law, enforcement priorities, and policy,” according to the FTC website. FTC Chairman Joe Simons said in a statement that the hearings are modeled after former Chairman Bob Pitofsky’s 1995 Global Competition and Innovation Hearings, which at the time “re-energized one of the FTC’s most valuable functions – to gather leaders in business, economics, law, and related disciplines to discuss tough, emerging problems and prepare public reports on the facts, issues, governing law, and the need, as appropriate, for change.”
In March 2018, the Consumer Product Safety Commission (CPSC) issued a Notice of Public Hearing and Request for Written comments on The Internet of Things on Consumer Product Hazards. The CPSC expressed interest regarding existing safety standards on existing IoT devices, how to prevent hazards, and the role of government in the effort to promote IoT safety.
