The terms “pseudonymize” and “pseudonymization” are commonly referenced in the data privacy community, but their origins and meaning are not widely understood among American attorneys. Most American dictionaries do not recognize either term.1 While they derive from the root word “pseudonym” – which is defined as a “name that someone uses instead of his

Deidentified information is defined within the CCPA to refer to information that “cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer” provided that a business that uses deidentified information takes four operational and organizational steps to ensure that such information is not

After more than four years of negotiations, the Regulation on Privacy and Electronic Communications (ePrivacy Regulation), which will replace the ePrivacy Directive (2002/58/EC), appears to be at a turning point. On Feb. 10, 2021, the Council of the European Union announced it has adopted a consolidated version (the “Council’s Position”) which will be the basis

Possibly, yes. The European Data Protection Board (EDPB) has issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries).

The EDPB addresses a common

Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). In instances of a lost or stolen

Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). The guidance addresses the common scenario of

Maybe not. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries).

The EDPB addresses a very common

Virginia is poised to be the second state, after California, to pass comprehensive data privacy legislation.  The Virginia Consumer Data Protection Act passed the Senate and the House of Delegates on Feb. 24, 2021, and now awaits the approval of Governor Northam.

Although the Virginia statute will not take effect until Jan. 1, 2023, companies

The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries) and to the individuals themselves. One example discussed

The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). The guidance includes how to respond to a