The Sedona Conference® has released a Public Comment Version of its Commentary on Information Governance, Second Edition. The latest edition of this Commentary sets out 11 principles of information governance that provide a strategic framework for senior management to make decisions with respect to all information within an enterprise and accounts for changes and advances in technology and law that have occurred over the past four years. It also incorporates guidance on information governance contained in The Sedona Principles, Third Edition, which we discussed in a previous blog post. As defined in this Commentary, information governance “means an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.” The Commentary recognizes that information governance encompasses a variety of disciplines, including traditional records and information management, data privacy, information security, and e-discovery.
Continue reading “The Sedona Conference Publishes Commentary on Information Governance, Second Edition”
The UK Information Commissioner’s Office (ICO) has issued an Enforcement Notice against a Canadian data analytics firm, AggregateIQ (AIQ) that allegedly produced targeted advertisements for pro-Brexit campaigns. This action is the first enforcement Notice issued under the GDPR.
Continue reading “First Notice Filed Under GDPR against Canadian Analytics Firm”
The Senate Commerce Committee held a hearing “Examining Safeguards for Consumer Data Privacy” on September 26, which included testimony from tech industry executives.
Senator John Thune’s opening statement noted that with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have put the issue of consumer data privacy squarely on the Congress’s doorstep. “The question is no longer whether we need a federal law to protect consumers’ privacy,” he said. “The question is what shape that law should take.”
Continue reading “The Devil is in the Definitions for Federal Consumer Data Privacy Safeguards”
The Internet Association (IA), a group of 40 major internet and technology firms, called for the establishment of a national privacy framework anchored by six privacy principles on Wednesday. In its press release announcing the principles, the IA indicated its support for the American approach to federal privacy legislation that is “consistent nationwide, proportional, flexible, and encourages companies to act as good stewards of the personal information provided to them by individuals.”
Continue reading “Enough of the Patchwork: Tech Industry Group Calls for a National Privacy Framework”
On August 14, the president of Brazil signed the Brazilian General Data Protection Law (LGPD) into law. It will become effective on Valentine’s Day 2020. The elements of the new law are similar to the European Union’s General Data Protection Regulation (GDPR).
Continue reading “Brazil Adopts New Privacy Law Similar to GDPR”
India has released the much-anticipated first draft of the Personal Data Protection Bill, 2018, the country’s first comprehensive data protection regulation. The proposed bill is currently under review by India’s Ministry of Electronics and Information Technology and will likely be introduced in Parliament this year.
Continue reading “India Releases Draft Personal Data Protection Regulation”