Compliance

FRANCE: The CNIL publishes new standards on HR management and whistleblowing schemes

By Denise Lebeau-Marianna and Caroline Chancé. On 11 April 2019, the French Data Protection Supervisory Authority (CNIL) published two draft standards intended to provide practical guidance in relation to the processing of personal data for HR management and whistleblowing systems. The purpose of such standards is to: Assist businesses in their compliance process, and Help …

FRANCE: THE FIRST CNIL STANDARD REGULATION FOR BIOMETRIC SYSTEMS IN THE WORKPLACE

By Denise Lebeau-Marianna (Partner) & Alexandre Balducci (Associate) Why did the CNIL adopt a specific regulation for the use of biometric data processing in the workplace? In accordance with Article 9 (4) of the General Data Protection Regulation (GDPR) which provides that “Member States may maintain or introduce further conditions, including limitations, with regard to …

FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business

Written by Michelle Anderson and Samantha Glazer In a June 21, 2017 blog post, the FTC announced updates to its Six-Step Compliance Plan for Your Business under the Children’s Online Privacy Protection Act (COPPA). The revisions make clear that the FTC considers new business models (e.g., voice-activated devices) and products (e.g., connected toys) to be covered under COPPA. …

THE NETHERLANDS: DPA published phased plan to prepare for GDPR

By Richard van Schaik and Róbin de Wit. Last week, the Dutch Personal Data Protection Authority (Autoriteit Persoonsgegevens, “AP”) published a step-by-step plan for organizations to prepare for the upcoming GDPR. The plan, consisting of 10 steps, reads as follows. Awareness: As a first step, key players within the organization (e.g. policymakers) need to …

EUROPE: ECJ – Dynamic IP addresses may constitute personal data

By Jan Pohle and Jan Spittka In its landmark decision in the case Breyer v. Federal Republic of Germany (decision dated 19 October 2016, case number C-582/14), the European Court of Justice (ECJ) not only ended the long and tricky debate whether dynamic IP addresses constitute personal data even if the data controller processing the …

Russia: Important changes to Russian data protection rules

By Michael Malloy and Pavel Arievich. On July 20, 2014 a new law amending the law on data protection and law on information was signed off by the Russian president and thus was officially adopted. The law, as further clarified, will come into force on September 1, 2015. The law requires all personal data operators …

Congress makes compliance with the confusing Video Privacy Protection Act Easier

By Jim Halpert Congress has amended the Video Privacy Protection Act (VPPA) to make it easier for businesses to obtain consent to share personally identifying information regarding consumers’ video viewing choices. The VPPA is a 1988 law passed in response to the disclosure of video rental records of the Supreme Court nominee Judge Robert H. Bork …

Mobile Apps and Privacy — A Global Issue: Are you in Compliance with Australian Privacy Law?

By Alec Christie At the end of October, we talked about the California Attorney General’s enforcement of its privacy laws against mobile app providers, noting that the California AG sent letters to numerous mobile app providers alleging that they were in violation of California law by failing to maintain a privacy policy for the app. We emphasized that app providers should …

FTC Publishes Guidelines Designed to Assist Mobile App Providers with Privacy Compliance

By Jennifer Kashatus Earlier this month, the FTC published guidelines designed to assist mobile app providers in complying with privacy and truth-in-advertising principles.  In the guidelines, the FTC walks through certain privacy principles, which it set forth in its Privacy Report issued last March.  Specifically, the FTC encourages mobile app providers: to incorporate privacy principles into the design …

March 1 Is Deadline to Update Vendor Agreements in Compliance with Massachusetts Data Security Regs

By Jennifer Kashatus. Businesses that own or license any personal data regarding Massachusetts residents have until March 1, 2012, to update vendor agreements to include requirements that vendors implement and maintain a data security program that complies with 201 Code of Mass. Reg. 17.00. In 2008, Massachusetts enacted the Regulations – a set of comprehensive and detailed data …
