The terms “pseudonymize” and “pseudonymization” are commonly referenced in the data privacy community, but their origins and meaning are not widely understood among American attorneys. Most American dictionaries do not recognize either term.1 While they derive from the root word “pseudonym” – which is defined as a “name that someone uses instead of his

Deidentified information is defined within the CCPA to refer to information that “cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer” provided that a business that uses deidentified information takes four operational and organizational steps to ensure that such information is not

The CCPA includes a non-exhaustive list of data types that may fall under the definition of personal information. One of those data types is “biometric information.”1

While the CCPA provides a definition of “biometric information,” it is worth noting that the CCPA’s definition differs from the definition of the term in other statutes and

After more than four years of negotiations, the Regulation on Privacy and Electronic Communications (ePrivacy Regulation), which will replace the ePrivacy Directive (2002/58/EC), appears to be at a turning point. On Feb. 10, 2021, the Council of the European Union announced it has adopted a consolidated version (the “Council’s Position”) which will be the basis

Maybe.

“Hashing” refers to the process of using an algorithm to transform data of any size into a unique fixed-sized output (e.g., combination of numbers and letters). To put it in layman’s terms, some piece of information (e.g., a name) is run through an equation that creates a unique string of characters. Anytime the exact

Kate Black, a shareholder in Greenberg Traurig’s Data Privacy & Cybersecurity and Emerging Technology practices, will participate in a panel discussion on Wednesday, April 7 from 10:00 – 11:00 a.m. PDT as part of the International Association of Privacy Professionals (IAPP) Global Privacy Summit Online 2021. The summit is designed to provide critical

On March 10, 2021, Rep. Suzan DelBene (D-Wash.) introduced the first comprehensive consumer privacy bill of the 117th Congress. The Information Transparency and Personal Data Control Act is designed to “establish a uniform set of rights for consumers and create one set of rules for businesses to operate in,” according to a press release from

Section 1798.150 of the CCPA permits consumers to “institute a civil action” if consumer “personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, is subject to unauthorized access and exfiltration, theft, or disclosure,” and where that unauthorized access was “a result of the business’s violation” of a duty

Consumers are permitted to bring suit under the CCPA if they can prove the following five elements:

  1. A business incurred a data breach;
  2. The data breach involved a sensitive category of information identified in California Civil Code Section 1798.81.5;
  3. The business had a legal duty to protect the personal information from breach;
  4. The business failed

The CCPA states that a service provider must be contractually prohibited from “retaining, using, or disclosing the personal information [provided to it by a business] for any purpose other than for the business purposes specified in the contract for the business . . . .”1 That prohibition, however, may not apply to information once