Last week, the Federal Trade Commission granted a petition by Sears Holding Management seeking modification of a 2009 Commission Order. The notable 2009 Order settled allegations that Sears had improperly failed to provide notice regarding data collection by certain software the company offered to consumers. Sears argued that the 2009 Order placed it at a […]
100 Days Until GDPR Effective Date – Sharing Our GDPR Experience
In less than 100 days, the General Data Protection Regulation (GDPR) will go into effect. This means that as of May 25, 2018, each national Supervisory Authority will have the authority to apply and enforce the GDPR. The GDPR raises the bar in terms of requirements substantially higher than the Data Protection Framework Directive. For […]
Data Protection Litigation to Become a New Reality in Belgium
On November 16, 2017 the Belgian Senate adopted an “Act on the Establishment of the Data Protection Authority” (the “Act”). Following Austria, Germany, and the UK, Belgium is the fourth EU Member State to pass a domestic statute implementing the General Data Protection Regulation 2016/679 (“GDPR”) prior to its effective date of 25 May 2018. […]
EU DPAs and the Future of Privacy Shield
The Article 29 Working Party group (WP29) of European data protection authorities recently announced that they will legally challenge the adequacy of the Privacy Shield Framework unless the U.S. government addresses certain “prioritized concerns” by May 25, 2018. Privacy Shield provides a framework which helps over 2500+ participating U.S. companies legally transfer EU personal data […]
NIST Releases Updated Cyber Framework V1.1
On December 5, 2017, the National Institute of Standards and Technology (NIST) released a revised draft of its proposed updates to its Framework for Improving Critical Infrastructure Cybersecurity. The revised draft includes a new section on communicating with stakeholders about cybersescurity requirements, addresses stakeholder concerns regarding cybersecurity supply chain risk management and measuring cybersecurity risks […]