Consistent with recent expansions to state data breach notification laws, Colorado recently enacted an expanded data privacy law that strengthens the state’s existing breach notification law and that requires policies and procedures concerning the protection and destruction of personal identifying information (“PII”). The law applies to any individual or commercial entity that maintains, owns, or […]
Data Protection
German DPAs Issue DPIA Blacklists; Many Companies Likely to be Affected
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and […]
On GDPR Day, Austrian DPA issues First Binding DPIA Whitelist
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and […]
Georgia Court of Appeals Reaffirms Lack of Duty to Safeguard Personal Information
The Georgia Court of Appeals recently reaffirmed its prior conclusion that there is no duty to safeguard personal information under Georgia law. In McConnell v. Ga. Dep’t of Labor, — S.E.2d —-, 2018 WL 2173252 (Ga. App. May 11, 2018), the Court of Appeals addressed whether a plaintiff whose social security number and other personal […]
Alston & Bird Issues Data Protection Paper on Accurate Retrieval of Personal Data under the GDPR
Today Alston & Bird’s Peter Swire and DeBrae Kennedy-Mayo, with support from Senzing, Inc., are publishing a White Paper titled The Importance of Accurate Retrieval of Data Subjects’ Personal Data in Complying with GDPR Individual Rights Requirements. The General Data Protection Regulation, which enters into effect on May 25, 2018, goes considerably beyond existing law in […]