Data Privacy & Cybersecurity

In 2011, the International Organization for Standards technical committee on Information Security, Cybersecurity and Privacy Protection developed a privacy framework that was intended to propose common privacy terminology, define the roles of different organizations with respect to privacy, and establish core privacy principles.1  The result was the publication on December 15, 2011, of the

There are few published statistics regarding the adoption rate of privacy frameworks. The statistics that do exist have questionable reliability, primarily owing to sampling bias and self-reporting bias. For example, studies that ask clients of an organization that creates a privacy framework whether they adopted the privacy framework are likely to overreport adoption rates, as

There are numerous privacy frameworks. Some are established by independent organizations such as the International Organization for Standardization (ISO), which established the ISO 29100 privacy framework. Others are established by standard-setting bodies related to specific countries or governments. For example, the United States National Institute of Standards and Technology (NIST) established a NIST Privacy Framework.

A privacy framework describes a set of standards or concepts around which a company bases its privacy program. Typically, a privacy framework does not attempt to include all privacy-related requirements imposed by law or account for the privacy requirements of any particular legal system or regime.  Instead, the framework attempts to establish a privacy program

What are the differences between the CCPA and the CPRA, and how do these two California privacy acts resemble the European GDPR? Is now the time to adopt a data privacy framework instead of trying to comply with state statutes like the CPRA? David Zetoony and Victor Monga, Governor of ISACA Orange County, recently discussed

Kate Black, a shareholder in Greenberg Traurig’s Data Privacy & Cybersecurity and Emerging Technology practices, will participate in a panel discussion on Wednesday, April 7 from 10:00 – 11:00 a.m. PDT as part of the International Association of Privacy Professionals (IAPP) Global Privacy Summit Online 2021. The summit is designed to provide critical

Section 1798.150 of the CCPA permits consumers to “institute a civil action” if consumer “personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, is subject to unauthorized access and exfiltration, theft, or disclosure,” and where that unauthorized access was “a result of the business’s violation” of a duty

Consumers are permitted to bring suit under the CCPA if they can prove the following five elements:

  1. A business incurred a data breach;
  2. The data breach involved a sensitive category of information identified in California Civil Code Section 1798.81.5;
  3. The business had a legal duty to protect the personal information from breach;
  4. The business failed

Innovation and ingenuity captured by companies in the form of intellectual property (IP) can be some of the greatest corporate assets and as such, require protection. Trade secrets, in particular, are sensitive intellectual property rights because they consist of proprietary information that maintains its value based on its confidentiality or secret status.

If stolen, the