Articles

U.S. data privacy and security solutions emerging at the…

The American Data Privacy and Protection Act bill faces a tough battle for passage, but the Biden administration is considering actions of its own.

Although a handful of U.S. states have enacted strict privacy laws, the United States still lacks a comprehensive federal privacy statute, a vacuum that has fueled what many observers argue is a culture of “surveillance capitalism.” The lack of a national privacy law looms particularly large now as the Supreme Court seems poised to overturn its landmark abortion decision Roe v. Wade, which is likely to accelerate private data hunting expeditions by prosecutors and law enforcement in nearly 30 U.S. states.

Absent a federal privacy law that would protect the location data of abortion seekers, Senator Elizabeth Warren (D-MA) introduced a bill that would essentially outlaw the sale of location data harvested from smartphones. However, the U.S. Congress and the Biden administration have recently taken surprising steps to tackle the problem of data privacy on a national basis through legislation, policy and regulatory measures that seek to stem the escalation of privacy-invading practices and technologies.

This article appeared in CSO Online. To read the rest of the article please visit here.

China’s PIPL privacy law imposes new data handling requirements

The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.

As part of the country’s growing scrutiny over the tech sector, China enacted on August 21 a sprawling and comprehensive data privacy law, the Personal Information Protection Law (PIPL), which goes into effect on November 1, 2021. In combination with China’s newly enacted and still little-understood Data Protection Law, which goes into effect on September 1, 2021, this law promises to impose a host of new data privacy, security, and protective obligations on all US and global companies doing business in China.

These significant laws fit into China’s broad “informatization policy,” which Chinese President Xi Jinping has described as the modern equivalent of industrialization. However, the data protection law comes closer than the PIPL to serving as a cybersecurity law. In his efforts to boost China to “cyber superpower” status, President Xi has famously said that “cybersecurity and informatization are two wings of one body, and two wheels of one engine.”

This article appeared in CSO Online. To read the rest of the article please visit here.

New AI privacy, security regulations likely coming with pending…

CISOs should prepare for new requirements to protect data collected for and generated by artificial intelligence algorithms.

Regulation surrounding artificial intelligence technologies will likely have a growing impact on how companies store, secure, and share data in the years ahead. The ethics of the use of artificial intelligence (AI), particularly facial recognition, by law enforcement authorities have received a lot of attention. Still, the US is just at the beginning of what will likely be a surge in federal and state legislation regarding what companies can and cannot do with algorithmically derived information.

“It’s really the wild west right now in terms of regulation of artificial intelligence,” Peter Stockburger, partner in the Data, Privacy, and Cybersecurity practice at global law firm Dentons, tells CSO. Much like the California Consumer Protection Act (CCPA), which spelled out notice requirements that companies must send to consumers regarding their privacy protections, “a lot of people think that’s where the AI legislation is going to go, that you should be giving users notification that there’s automated decision making happening and get the consent.”

AI encompasses a wide range of technical activities, from the creation of deepfakes to automated decision-making regarding credit scores, rental applications, job worthiness, and much more. On a day-to-day basis, many, if not most, companies now use formulas for business decision-making that could fall into the category of artificial intelligence.

This article appeared in CSO Online. To read the rest of the article please visit here.

Defining data protection standards could be a hot topic…

Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.

Following nationwide elections, a new line-up of state lawmakers will be joining their veteran peers to dig into a host of cybersecurity issues during 2021. Since March, many, if not most, cybersecurity issues at the state level have been derailed so that legislators could grapple with the coronavirus’s overwhelming challenges. Most experts see cybersecurity matters continuing to take a back seat through at least the early months of 2021.

Aside from the pandemic, another factor driving a possible delay in state legislative momentum is the political division throughout the country. “States are going to ask, ‘What’s the likelihood we’re going to pass legislation and it’s going to get overturned at the national level,’” says Aaron Tantleff, a partner focused on cybersecurity and data privacy at Foley and Lardner. “There’s going to be a little more of ‘Let’s wait and see what’s going to happen at the national level.’”

Once the immediacy of the pandemic dissipates and the political heat cools, cybersecurity issues will likely surface again in new or revived legislation in many states, even if woven throughout other related matters. It’s difficult to separate cybersecurity per se from adjoining issues such as data privacy, which has generally been the biggest topic to involve cybersecurity issues at the state level over the past four years. “You really don’t have this plethora of state cybersecurity laws that would be independent of their privacy law brethren,” Tantleff said.

According to the National Conference of State Legislatures, at least 38 states, along with Washington, DC, and Puerto Rico, introduced or considered more than 280 bills or resolutions that deal significantly with cybersecurity as of September 2020. Setting aside privacy and some grid security funding issues, there are two categories of cybersecurity legislative issues at the state level to watch during 2021. The first and most important is spelling out more clearly what organizations need to do to meet security and privacy regulations. The second is whether states will pick up election security legislation left over from the 2020 sessions.

This article appeared in CSO Online. To read the rest of the article please visit here.

Passage of California privacy act could spur similar new…

Voters approved the California Privacy Rights and Enforcement Act (CPRA), which in part limits how organizations can use personal data. Legal experts expect other states to follow suit.

On November 3, California citizens approved the California Privacy Rights and Enforcement Act (the CPRA), a comprehensive privacy law that amends another privacy law that went into effect in the state on January 1, the California Consumer Privacy Act (CCPA). The CPRA is intended to strengthen privacy regulations in California by creating new requirements for companies that collect and share sensitive personal information. It also creates a new agency, the California Privacy Protection Agency, that will be responsible for enforcing CPRA violations.

Most privacy attorneys agree that the CPRA was created with the European Union’s General Data Protection Regulation (GDPR) in mind, adding teeth to the stipulations that existed in the CCPA. Consumers will be able to correct inaccurate personal information that businesses hold, and fines are steep for violating the children’s data protection requirements under the CPRA. Most of the law’s provisions will go into effect on January 1, 2023, with some provisions requiring a look-back to 2022.

The CPRA defines “sensitive personal information” to include an expansive range of data elements, including government-issued identifiers such as driver’s licenses, passports, and Social Security numbers, as well as financial account information, geolocation, race, ethnicity, religion, union membership, personal communications, genetic and biometric data, health information, and information about sex life or sexual orientation.

This article appeared in CSO Online. To read the rest of the article please visit here.
