The UK Information Commissioner’s Office (“ICO”) has provided details on its plans to provide guidance to organizations on compliance with the European Union’s General Data Protection Regulation (“GDPR”), which will apply EU-wide as from 25 May 2018. The ICO’s work plan involves three overlapping “phases.” Over the next six months, priority outputs will include ICO […]
Privacy & Cyber Regulatory Enforcement
Illinois Makes Extensive Changes to Data Breach Notification Law
On May 6, 2016, Illinois Governor Bruce Rauner signed HB1260, which significantly updates the state’s Personal Information Protection Act. The changes take effect on January 1, 2017. When the new law becomes effective, Illinois’ data breach notification statute will include one of the broader definitions of the information which, if breached, will trigger notification […]
GDPR Published Today, Commencing Two-Year Countdown to Application
One of the most important EU legislative initiatives in recent years, and a landmark in privacy regulation worldwide, the GDPR is set to replace the Data Protection Directive (95/46/EC) of 1995. After the Council of Ministers accelerated the voting timetable for GDPR passage and the Parliament approved the GDPR in an up-or-down vote, all eyes were on the […]
Nebraska Makes Changes to Data Breach Statute
Nebraska Governor Pete Ricketts has signed LB835 into law, updating the state’s data breach notification statute. The changes take effect on July 20, 2016. With the updates, Nebraska joins a growing number of states that include a username or email in combination with a password or security question and answer that would permit access to […]
Turkey’s New Data Protection Law
Turkey’s new “Law on the Protection of Personal Data” has entered into effect following passage by the Turkish Parliament in late March and official publication last week. The Data Protection Law adopts a broadly European model for data protection and helps clarify key aspects of the regulation of personal data under Turkish law. This blog […]