India Releases Draft Personal Data Protection Regulation


India has released the much-anticipated first draft of the Personal Data Protection Bill, 2018, the country’s first comprehensive data protection regulation. The proposed bill is currently under review by India’s Ministry of Electronics and Information Technology and will likely be introduced in Parliament this year.

Continue reading “India Releases Draft Personal Data Protection Regulation”

Digital Medicine: Health Care Providers’ Side of the Story


Health care technology, particularly digital medicine, promises great new capabilities that will improve outcomes and reduce overall costs and time constraints. Digital medicine encompasses a broad-range of technologies, from technologies used to record, retain, and manipulate health data (i.e., Electronic Health Records aka., EHRs) and thereby make it more useable and amenable to analysis; to actual tools in clinical care (i.e., medical imaging, wearable sensors) that can measure physiological parameters or patient activity and facilitate clinical care and decision-making.

Continue reading “Digital Medicine: Health Care Providers’ Side of the Story”

California Enacts Consumer Privacy Act


The California Consumer Privacy Act’s swift passage is the result of a compromise reached between the backers of a ballot initiative and California legislators. There are similarities and differences between the Privacy Act and the European Union’s General Data Protection Regulation (GDPR) regime, but one thing that is common to both is the need for covered entities that collect or process the personal data of data subjects to understand what personal data is collected, why it is collected, how it is used, and with whom it is shared – in other words, core information governance principles.

The new law is the most comprehensive state privacy law passed to date. It will go into effect January 1, 2020 and comes on the heels of the GDPR which became effective on May 25, 2018.

Continue reading “California Enacts Consumer Privacy Act”

Federal IT Modernization Report Recommendations


This post is part of a continuing DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.

Strengthening federal information technology (IT) has been one of the priorities of the current administration, as outlined in the May 2017 Executive Order 13800. As summarized in our previous blog, the Director of the American Technology Council (ATC) was tasked, among other things, to coordinate the preparation of a report to the president regarding modernization of federal IT infrastructure. The draft report was made available for public comment in August, and finalized in December 2017. The final report’s implementation clock started on January 1, 2018.

Continue reading “Federal IT Modernization Report Recommendations”

FTC Staff Provides Recommendations to Consumer Product Safety Commission on IoT Safety


In March 2018, the Consumer Product Safety Commission (CPSC) issued a Notice of Public Hearing and Request for Written comments on The Internet of Things on Consumer Product Hazards.  The CPSC expressed interest regarding existing safety standards on existing IoT devices, how to prevent hazards, and the role of government in the effort to promote IoT safety.

Continue reading “FTC Staff Provides Recommendations to Consumer Product Safety Commission on IoT Safety”

Stay In Touch! Email Marketing After the GDPR


Part I: Untangling the GDPR and the e-Privacy Directive

This is the first post in a four part series on GDPR and email marketing.

Your email in-box has probably finally recovered from the wave of GDPR opt-in requests and notices that peaked around May 25th. But, if you’ve followed the privacy press or the statements from EU regulators, you’re probably left wondering what it was all for. Many statements made in news stories (both in the U.S. and the EU) and by commentators have claimed that the GDPR means no one can send marketing emails any more without your permission. But, other stories suggest that the opt-in emails and privacy notices were unnecessary or, even, inappropriate. Who’s right? And what email marketing is allowed now?

Continue reading “Stay In Touch! Email Marketing After the GDPR”