FTC Seeks Information from Platform-Based ISPs about Their Privacy Practices

Share

Following congressional hearings last month on potential federal data privacy legislation − Hearing on Policy Principles for a Federal Data Privacy Framework in the United States before the Senate Committee on Commerce, Science, and Transportation; Hearing on Improving Data Security at Consumer Reporting Agencies before the House Subcommittee on Economic and Consumer Policy − the Federal Trade Commission (FTC) on March 26, 2019, announced the initiation of a study concerning the privacy policies, procedures, and practices of seven internet service providers (ISPs). The FTC has used this process in other industries or areas of focus to gather information that it may later share in a public report.

Continue reading “FTC Seeks Information from Platform-Based ISPs about Their Privacy Practices”

Coming Soon to Singapore: Mandatory Data Breach Notifications

Share

Singapore’s Personal Data Protection Commission (PDPC) issued a statement on March 1 announcing its plan to introduce mandatory breach notifications as part of a set of proposed amendments to the country’s Personal Data Protection Act (PDPA). The proposed amendments come in response to the PDPC’s recent review of the PDPA in order “to ensure that it keeps pace with the evolving needs of businesses and individuals, and balances safeguarding individuals’ interests and enables the legitimate use of personal data by organisations.” The details of the mandatory breach notification have not yet been made public, but the amendment will likely require organizations to notify the PDPC and affected data subjects when a certain level of breach has occurred.

Continue reading “Coming Soon to Singapore: Mandatory Data Breach Notifications”

European Union Adopts Adequacy Decision For Safe Data Flows With Japan

Share

On January 23, 2019, the European Commission announced its decision to adopt adequacy status with Japan for transfers of personal data.  Pursuant to the European Union’s (EU) General Data Protection Regulation (GDPR), this decision will allow personal data to flow freely between the 28 EU countries, three additional European Economic Area member countries (Norway, Liechtenstein, and Iceland), and Japan, without the need for additional data protection safeguards or derogations.  Japan adopted an equivalent decision with the EU on January 22, 2019.  These reciprocal findings of adequacy will create the largest area of safe data flows in the world.

Continue reading “European Union Adopts Adequacy Decision For Safe Data Flows With Japan”

Brazil Adopts New Privacy Law Similar to GDPR

Share

On August 14, the president of Brazil signed the Brazilian General Data Protection Law (LGPD) into law. It will become effective on Valentine’s Day 2020. The elements of the new law are similar to the European Union’s General Data Protection Regulation (GDPR).

Continue reading “Brazil Adopts New Privacy Law Similar to GDPR”

Cybersecurity Responsibilities of a Plan Sponsor

Share

Plan sponsors of retirement plans handle a lot personal participant data, but many are unaware of their fiduciary duties in the context of cybersecurity. If a retirement plan suffers a cyberattack, plan assets could be diverted and misused. Under the Employee Retirement Income Security Act (ERISA), the plan sponsor could be held liable for a fiduciary breach for failure to satisfy a duty of loyalty and to act prudently.

Continue reading “Cybersecurity Responsibilities of a Plan Sponsor”

India Releases Draft Personal Data Protection Regulation

Share

India has released the much-anticipated first draft of the Personal Data Protection Bill, 2018, the country’s first comprehensive data protection regulation. The proposed bill is currently under review by India’s Ministry of Electronics and Information Technology and will likely be introduced in Parliament this year.

Continue reading “India Releases Draft Personal Data Protection Regulation”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy