ccpa

2020 is the gift that keeps on giving. In this episode, Paul Breitbarth and K Royal revisit some of the issues discussed on previous episodes, but with a guest who has a unique global perspective. Our guest today is an American in Brussels. He is the Deputy Chief Privacy Officer of the US-based pharmaceutical company Merck. Chris Foreman has practiced law in London, Washington DC, Istanbul, New York and Moscow, and is currently based in Brussels. 

Merck, or MSD as it is often known, has been an active player in the international corporate privacy community, and a big advocate for interoperability and company-wide compliance programs. They are one of the few companies that has both EU Binding Corporate Rules and APEC Cross-Border Privacy Rules, trying to ensure the best possible safeguards for international data transfers. There is even a published cross-walk between the two.

Join us as we talk with Chris about his views on international data transfers. As expected, we will discuss the Schrems-II decision and its impact on data transfers, but we touch on many other topics as well that are integral to a global privacy program. These include the California Consumer Privacy Act (CCPA) and the ballot initiative, the California Privacy Rights Act (CPRA, Proposition 24), South Korea, Brazil (LGPD), clinical trials, and other twists to privacy law that we are starting to see.  

Resources

• JD Robb https://jdrobb.com/ 
• TrustArc Privacy Sheild Resources https://trustarc.com/trustarcs-privacy-shield-schrems-resource/ 

Social Media
Twitter: @privacypodcast, @EuroPaulB, @heartofprivacy, @trustarc, 
Instagram @seriousprivacy

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

This past week in privacy law saw several unexpected developments. When this podcast started back in January, the intention was to record a series of conversations between K Royal and Paul Breitbarth with an occasional guest or recorded conference panel discussion. They would discuss what had happened in a week, place privacy and data protection developments around the world in context and provide insights based on their experience… And then COVID-19 happened, the podcast quickly became popular and guests became ubiquitous. 

On this episode, Paul and K return to their roots of covering privacy news and developments, because so much happened this past week or so. We’re in the middle of a privacy zone, with laws being lobbed all round us, guidance coming at us from all directions, and opinions shooting left and right - it’s like privacy officers need hazard pay. 

So much has happened in recent days, that we decided to just have the one-on-one conversation this week. You will hear about new European Data Protection Board (EDPB) guidance, next steps in the Schrems case and the fall-out from the Privacy Shield annulment, as well as on the latest actions from Brazil. Join us to catch up on the latest developments and to put them in context of current events.

Resources

• Register for TrustArc’s webinar on LGPD
  https://info.trustarc.com/WB-2020-09-16-LGPD_RegPage.html 
• Wall Street Journal Article on DPC Ireland v. Facebook
  https://www.wsj.com/articles/ireland-to-order-facebook-to-stop-sending-user-data-to-u-s-11599671980
• Facebook Response to the DPC Ireland preliminary order
  https://about.fb.com/news/2020/09/securing-the-long-term-stability-of-cross-border-data-flows/ 
• NOYB Response to the DPC Ireland preliminary order
  https://noyb.eu/en/dpc-actually-stopping-facebooks-eu-us-data-transfers-maybe-half-way 
• EDPB Draft Guidelines on Controller/Processor
  https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/guidelines-072020-concepts-controller-and-processor_en 
• EDPB Draft Guidelines on Targeting Social Media Users
  https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/guidelines-082020-targeting-social-media-users_en 
• Brazil LGPD Legislative Tracker
  

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Discussion around cyber security governance and compliance.  What they are, the professions that perform these roles and what they do and how they differ.  I go over key regulations including SOX, HIPAA, GDPR and others explaining what they cover and why it matters to cyber security professionals.

cybergreybeard@gmail.com

Sarbanes Oxley: https://www.soxlaw.com/
PCI-DSS: https://www.pcisecuritystandards.org/
HIPAA: https://www.hhs.gov/hipaa/index.html
GDPR: https://gdpr-info.eu/
CCPA: https://oag.ca.gov/privacy/ccpa
GDPR Enforcement and Fines: https://www.enforcementtracker.com/
HIPAA Fines: https://compliancy-group.com/hipaa-fines-directory-year/
Tennessee Diagnostic Medical Imaging Service: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/tmi/index.html
Lifespan Health: https://www.hhs.gov/about/news/2020/07/27/lifespan-pays-1040000-ocr-settle-unencrypted-stolen-laptop-breach.html

In the fifth episode of The Privacy Podcast, Daniel Zarchy speaks with Weiss Hamid and Karl Gerner about the final Attorney General regulations for the CCPA, the Facebook Limited Data Use tool, and what business owners relying on the LDU tool need to know.

Disclaimer: This communication is not intended to create or constitute, nor does it create or constitute, an attorney-client or any other legal relationship. No statement in this communication constitutes legal advice nor should any communication herein be construed, relied upon, or interpreted as legal advice. This communication is for general information purposes only regarding recent legal developments of interest, and is not a substitute for legal counsel on any subject matter. No listener should act or refrain from acting on the basis of any information included herein without seeking appropriate legal advice on the particular facts and circumstances affecting that listener. For more information, visit www.buchalter.com.

With all the recent changes in privacy laws, it seems like a whole new world. Or perhaps not. In this episode, we connect with Travis LeBlanc, a well-seasoned professional with insight into government actions to discuss recent privacy developments through the lens of past actions. He was the chief of the Federal Communications Commission’s (FCC) Enforcement Bureau in the Obama years, worked as senior adviser to former California Attorney General - and now Vice-Presidential nominee - Kamala D. Harris and as special assistant attorney general of California. Today, he is the vice chair of Cooley’s cyber, data and privacy practice, a role he combines with the membership of the Privacy and Civil Liberties Oversight Board of the United States.

Join Paul Breitbarth and K Royal in this episode to discuss the changing world of privacy. Given the overlapping years, where Paul was with the Working Party 29 in Europe and Travis was with the FCC, Paul and Travis relived some of their shared experiences. But the conversation was not limited to regulator reminiscing. We discussed a variety of issues, from Schrems-II, the possibility of U.S. federal legislation on the horizon, and the CPRA,  which also led to social justice issues.

Resources

• TrustArc Privacy Shield Ruling Resources https://trustarc.com/trustarcs-privacy-shield-schrems-resource/
• https://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-launches-new-tool-help-consumers-report 

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Privacy is like driving a car - lots of rules which change across borders and you need to look both ways before crossing the street. In both the US and EU, the Schrems-II decision on 16 July is a major development in data protection navigation. But we are just at the beginning of understanding all the consequences of the verdict of the EU Court of Justice. Don’t worry - also in the coming weeks, we’ve got you covered. #SeriousPrivacy will keep you posted on important developments and views. 

In this episode, Paul Breitbarth and K Royal speak with Professor Dan Solove with the George Washington University Law School, a renowned educator in both privacy and data security legislation, an internationally-known expert and a prolific writer of books and articles on these topics. He certainly has an opinion of what happens next in transatlantic data relations and intra-US with the California Privacy Rights Act (CPRA).  

Join us as we discuss the implications of Schrems-II, the CPRA, privacy legislation and enforcement, and developments in this space. For example, the CPRA now faces opposition from a coalition led by the American Civil Liberties Union (ACLU) of California. In addition, we discuss Prof. Solove’s views over the past few decades of the advance of the privacy field and what he hopes to see in the coming years.

Resources

• ACLU Announcement on Twitter: https://twitter.com/snowjake/status/1285732381387882501
• Privacy Paradox paper https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3536265
• Clapper v Amnesty https://www.supremecourt.gov/opinions/12pdf/11-1025_ihdj.pdf
• Schrems Blog Post https://teachprivacy.com/schrems-ii-reflections-on-the-decision-and-next-steps/ 
• TrustArc free resource page https://trustarc.com/trustarcs-privacy-shield-schrems-resource/
• TeachPrivacy https://teachprivacy.com/

Social Media

Twitter: @GWlaw @danielsolove @euroPaulB @heartofprivacy @podcastprivacy @trustarc @teachprivacy

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

This week, our hosts sit down with Harpal Gill and Raghu Rao, to discuss how effective data governance can help firms achieve GDPR and CCPA compliance.
Watch the video version of the podcast here.

Harpal and Raghu offer their expertise in answering the following questions:

• What is GDPR? What is CCPA? What are the differences? 
• What are some of the key challenges firms face with GDPR and CCPA compliance?
• How can an effective data governance framework ensure firms meet GDPR and CCPA's regulatory requirements?
• As an active data governance and data quality tool, how can PeerNova's Cuneiform Platform help enterprises comply with these regulations?

The 1st of July has come and gone - the date that marks the beginning of the enforcement of the California Consumer Privacy Act (CCPA).  Not all companies are ready for CCPA enforcement. And many companies are confused among the many moving parts - the law and potential amendments, the regulations, the ballot initiative, and enforcement.  

California’s Attorney General Becerra describes the CCPA is a “first-of-its-kind data privacy law in America.” In his press release he encourages every Californian to know their rights to internet privacy and every business to know its responsibilities. The website of every business covered by the law must now post a link on its homepage that says ‘Do Not Sell My Personal Information’. Click on it - Becerra recommends. Remember, it’s your data. You now get to control how it’s used or sold.” 

Join Paul and K to discuss the various aspects of the CCPA, from amendments to enforcement and class actions. The pending regulations were submitted in the beginning of June to the California Office of Administrative Law, but they have not yet completed their review and at this point, may mean a delay to October. Meanwhile, the California Consumer Privacy Act (CPRA) has met the requirements to be on the November ballot. Should it succeed, it will modify the current CCPA. 

As always, should you have any questions or comments, please feel free to contact us directly via email at seriousprivacy@trustarc.com. 

Resources

• TrustArc Global Privacy Benchmarks Survey:
  https://info.trustarc.com/Web-Resource-2020-06-16-Global-Privacy-Survey_LP.html 
• CCPA and CPRA TrustArc webinar https://info.trustarc.com/WB-2020-06-17-CCPA-Update_RegPage.html
• CCPA lawsuits Article from National Law Review https://www.natlawreview.com/article/importance-ccpa-compliance-highlighted-first-round-private-actions 

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

"Only K can save the world" -  from Men in Black III. This is one of K's favorite quotes, but what are her favorite topics in privacy? 

After many weeks discussing a huge variety of topics with our guests, it is time to go back to basics: a privacy conversation about our favorite topics while sitting on a sunny back porch, drink in hand. This week, it’s K’s turn to discuss her favorite privacy topic. She can only pick one - what will she go for? Individual rights? Transparency? International Transfers? Or will K reach back to her earlier career in healthcare?  As you can imagine, when asked for one favorite topic, she provided two. 

We don't want to spoil the surprise, but we will provide some hints - one topic she speaks on fairly often and has written articles and guides on the topic. The other is something she teaches about in the course at the Sandra Day O'Connor College of Law at ASU on Privacy, Big Data, and Emerging Technologies and is not an easy topic to address with law students and undergrads.

Join us as K and Paul discuss her two favorite topics in depth, both of which are global privacy concerns. As always, key resources are provided below, but spoiler alert - if you review them, you will know her two topics!

Resources:

• Your Vendor, Your Risk by Maggie Gloeckle and K Royal
• 2020 Cost of Insider Threats by the Ponemon Institite
• 2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best Practices
• Cyber Civil Rights Initiative state laws
• There are revenge porn laws on the books in 46 states, but victims say not enough is being done to protect them online by Insider 
• FBI arrests Queen Creek man accused of cyberstalking ex, posting revenge porn by 12News
• Maastricht University Law Blogs - Paparazzo photos: copyright protected works or an intrusion into the celebrity’s private life?
• Nudes - Norwegian TV Series (IMDb)

Twitter: 
@EuroPaulB
@heartofprivacy

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Personal data can often be a complicated side to critical business activities, such as mergers and acquisitions and bankruptcy. Since the beginning of the year, the world has been dealing with a global health crisis. But unfortunately, that is not the only crisis the world will be dealing with this year - by now it is clear our economy will take a serious hit as well. Companies will go under, or else may become targets for mergers and acquisitions while in a weakened state. That also may have an impact on the data holdings of organisations. Can sets of customer, employee and third-party data just be handed over from one company to the other, or sold to the highest bidder to return some money to investors?  These highly impactful business activities, that are often executed rapidly, are not the times to overlook critical data allowances and restrictions. 

In this episode, we put these tough issues to Constantine Karbaliotis, a privacy veteran who has managed these issues for companies. Join us as we discuss how companies can prepare for and manage privacy issues in M&A and bankruptcy. We also took the opportunity to ask him for a Canadian’s perspective on the new CCPA regulations that have been filed with the California Office of Administrative Law.

Resources:

• EDPB - Statement on the Data Protection Impact of Economic Concentration
• EDPB - Statement on Privacy Implications of Mergers
• Dutch DPA - Guidance on data processing in a bankruptcy situation (NL)
• CCPA Regulations filed https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/oal-sub-final-text-of-regs.pdf
• Privacy and Data Security in Mergers & Acquisitions Solutions Brief  

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

The world suddenly came to a standstill when the #Coronavirus took hold of our daily lives. Fighting the virus is the first priority, but that cannot be done at the expense of the rights to #privacy and #data protection. In this double episode of #SeriousPrivacy, K and Paul talk about the virus with a number of guests, discussing employee privacy, the collection of health data and the latest regulator guidance. 

This is a two-part series, both at 40 minutes. Links are below for Spirion to follow up with Cameron and Gabe, along with links to their free offering for privacy / security and other resources we mention in the podcast.

Guests

• Gabe Gumbs - Chief Innovation Officer, Spirion
• Cameron Ivey - Senior Marketing/BDR, Spirion
• Lindsay Palmer - Research Specialist, TrustArc
• Prof. Ulrich Kelber - German Federal Commissioner for Data Protection and Freedom of Information

References

• TrustArc COVID-19 Blog
• Top 10 Tips for Companies with (new) Remote Workers  
• Top 10 Tips for Enabling (new) Remote Workers
• COVID-19 German DPA Guidance (🇩🇪)
• Privacy Please Podcast
• Spirion COVID-19 Blog
• Spirion Data Discovery Agent
• Spirion SDM trial
• Future of Privacy Forum - COVID-19:  Privacy & Data Protection Resources

Twitter
@Spirion 
@GabrielGumbs 
@PrivacyPlsPod 
@UlrichKelber
@heartofprivacy 
@EuroPaulB

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

The world suddenly came to a standstill when the #Coronavirus took hold of our daily lives. Fighting the virus is the first priority, but that cannot be done at the expense of the rights to #privacy and #data protection. In this double episode of #SeriousPrivacy, K and Paul talk about the virus with a number of guests, discussing employee privacy, the collection of health data and the latest regulator guidance. 

This is a two-part series, both at 40 minutes.Links are below for Spirion to follow up with Cameron and Gabe, along with links to their free offering for privacy / security and other resources we mention in the podcast.

Guests

• Gabe Gumbs - Chief Innovation Officer, Spirion
• Cameron Ivey - Senior Marketing/BDR, Spirion
• Lindsay Palmer - Research Specialist, TrustArc
• Prof. Ulrich Kelber - German Federal Commissioner for Data Protection and Freedom of Information

References

• TrustArc COVID-19 Blog
• Top 10 Tips for Companies with (new) Remote Workers  
• Top 10 Tips for Enabling (new) Remote Workers
• COVID-19 German DPA Guidance (🇩🇪)
• Privacy Please Podcast
• Spirion COVID-19 Blog
• Spirion Data Discovery Agent
• Spirion SDM trial
• Future of Privacy Forum - COVID-19:  Privacy & Data Protection Resources

Twitter
@Spirion 
@GabrielGumbs 
@PrivacyPlsPod 
@UlrichKelber
@heartofprivacy 
@EuroPaulB

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

In the second episode of season three, co-hosts Bill Mariano and Rob Hellewell kick off the show with Sightings of Radical Brilliance. In this episode, they discuss how technology competence has become a priority for today’s lawyers, which has become a recent hot topic within the space as more states make technical competence for lawyers mandatory. 

They then introduce the next guest speaker segment from the live recording of Law & Candor during Legaltech, which features Kelly Clay from GSK. They explore how GDPR has impacted the ediscovery world, both globally and in the US, since its enactment and focus on ways to mitigate risk by uncovering answers to the following questions: 

• What key challenges have GDPR and the rise of recent privacy laws created globally and in the US?
• How can information governance and compliance practices mitigate data privacy and security risks?
• What are best practices or key recommendations for listeners?

Our co-hosts wrap up the episode with a few key takeaways. Join in the conversation on Twitter and discover more about our speakers and the show here.

About Law & Candor

Law & Candor is a podcast wholly devoted to pursuing the legal technology revolution. Co-hosts Bill Mariano and Rob Hellewell explore the impacts and possibilities that new technology is creating by streamlining workflows for ediscovery, compliance, and information governance. To learn more about the show and our speakers, click here.

Are you a digital hoarder? Are you someone who always has a full mailbox? Then you know that finding the right data isn’t always easy. In this episode, K Royal chats with Kevin Ogrodnik, president of Sherpa Software, about the challenges of data discovery and finding data across systems.

Contact us at SeriousPrivacy@trustarc.com with comments or suggestions.

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

The New York Shield Act will go into effect on March 21, 2020, for the State of New York residents.  The California Consumer Privacy Act (CCPA) began enforcement on January 1, 2020, for the State of California residents and General Data Protection Regulation (GDPR)  began enforcement in May 2018 for residents in EEA countries.   What does that have to do with Vendor Maintenance?  Let’s find out. 

Keep listening..

Check out my website www.debrarrichardson.com if you need help cleaning your vendor master file or implementing authentication techniques, internal controls and best practices to prevent fraudulent payments. 

Subscribe today to be entered in the subscriber-only monthly drawing to win a free Putting the AP in hAPpy Coffee Mug.  

Links mentioned in the podcast:   

• Blog Post: Why You May Need a Manual Vendor Process With Your Vendor Self-Registration Portal 
• Need help cleaning your Vendor Master File for a Portal Implementation? 5 Day Vendor Master File Clean-Up
• Authentication. Validation. Management: 3 Step Vendor Setup & Maintenance Process.  Protect your Vendor Master File.  Setup real vendors and avoid fraudulent payments
• Vendor Validation Reference List with Resources Links: www.debrarrichardson.com/vendor-validation-download
• More Podcasts/Blogs www.debrarrichardson.com
• More ideas?  Email me at debra@debrarrichardson.com 

 Music Credit:  www.purple-planet.com

Robert talks with Richard about privacy regulations including GDPR & CCPA, privacy program drivers, and his transition from globetrotting GDPR evangelist at IBM to Global IG Director at White & Case law firm, one of the world's largest. RIchard also talks about how he got into the computer business, which was somewhat by accident! 

In celebration of Global Data Privacy / Protection Day, TrustArc is launching its Serious Privacy podcast. Real information on your schedule. Tune in to hear our plans, why we got into privacy and what keeps us here.

If you have comments or questions, find us on LinkedIn, Twitter/Mastodon @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO