Four Key Rules For Collecting Biometric Data In A Privacy-Compliant Way


In this post, we provide you with four key rules for collecting biometric data to ensure the collection is privacy-compliant. While extracted from the recent Guidance on Collection and Use of Biometric Data issued by the Hong Kong Privacy Commissioner and from a 2011 Guidance issued by the Canadian Privacy Commissioner, these rules are of … Read more

GDPR – German Data Protection Authorities Establish New Rules For Whistleblowing Hotlines: Call For Action


In light of the GDPR, the German data protection authorities (German DPAs) have issued new guidance regarding the implementation of whistleblowing hotlines. The new position of the German DPAs is so fundamentally different from their pre-GDPR position that German companies should review, and likely implement changes to, any existing whistleblowing hotlines offered to their employees. … Read more

California – New Data Security Requirements For Manufacturers Of Connected Devices


Effective January 1, 2020, according to a new Cal. Civ. Code § 1798.91.04(a), manufacturers of connected devices offered for sale or sold in California must equip such devices with reasonable security features to protect the device and any information contained in them from unauthorized access, destruction, use, modification, or disclosure. Unlike the GDPR and other data … Read more

Reasonable Retention Of Personal Information: The Compliance Advantage Of Risk-Based Policies And Procedures For Information Governance


A recent privacy breach case in Canada offers practical guidance for organizations anywhere to avoid the over-retention of personal data. A May 2017 Order from the Office of the Information and Privacy Commissioner of Alberta provides new insight into the requirement under section 35 of the Personal Information Protection Act to retain personal information only as … Read more

New California Data Security And Breach Notification Requirements For 2016


Businesses and government entities have been subject to data security breach notification requirements under California law for decades. In 2002, California was the first country worldwide to pass a law requiring businesses and agencies to notify data subjects of data security breaches. Since then, California has regularly updated its data security breach notification law, including … Read more

Global Data Protection Enforcement Guide


Nearly every company in the world is struggling to effectively manage the broad range of legal and operational risks associated with data. Data is everywhere, and everyone is working to maximize its organizational value, while avoiding wrongful disclosures, theft of informational assets, and the losses related to the costly legal fallout. This is the result, … Read more

EU GDPR Is Here, Now What?


So we have all fully digested 209 pages of the EU General Data Protection Regulation (GDPR) text, and added it to our 2016 new year’s resolution, now what? While the EU Parliament and Council are expected to have their final vote on the GDPR in the first quarter of 2016, how should companies start preparing for … Read more