In 2011, the International Organization for Standards technical committee on Information Security, Cybersecurity and Privacy Protection developed a privacy framework that was intended to propose common privacy terminology, define the roles of different organizations with respect to privacy, and establish core privacy principles.1 The result was the publication on December 15, 2011, of the
There are few published statistics regarding the adoption rate of privacy frameworks. The statistics that do exist have questionable reliability, primarily owing to sampling bias and self-reporting bias. For example, studies that ask clients of an organization that creates a privacy framework whether they adopted the privacy framework are likely to overreport adoption rates, as
There are numerous privacy frameworks. Some are established by independent organizations such as the International Organization for Standardization (ISO), which established the ISO 29100 privacy framework. Others are established by standard-setting bodies related to specific countries or governments. For example, the United States National Institute of Standards and Technology (NIST) established a NIST Privacy Framework.
A privacy framework describes a set of standards or concepts around which a company bases its privacy program. Typically, a privacy framework does not attempt to include all privacy-related requirements imposed by law or account for the privacy requirements of any particular legal system or regime. Instead, the framework attempts to establish a privacy program
What are the differences between the CCPA and the CPRA, and how do these two California privacy acts resemble the European GDPR? Is now the time to adopt a data privacy framework instead of trying to comply with state statutes like the CPRA? David Zetoony and Victor Monga, Governor of ISACA Orange County, recently discussed
Kate Black, a shareholder in Greenberg Traurig’s Data Privacy & Cybersecurity and Emerging Technology practices, will participate in a panel discussion on Wednesday, April 7 from 10:00 – 11:00 a.m. PDT as part of the International Association of Privacy Professionals (IAPP) Global Privacy Summit Online 2021. The summit is designed to provide critical
Section 1798.150 of the CCPA permits consumers to “institute a civil action” if consumer “personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, is subject to unauthorized access and exfiltration, theft, or disclosure,” and where that unauthorized access was “a result of the business’s violation” of a duty
Consumers are permitted to bring suit under the CCPA if they can prove the following five elements:
Shareholder Jena M. Valdetero is quoted in a Law360 article titled “COVID Inflamed Damaging Year For Data Breach Victims.” Click here to access the Law360 article (subscription required).
Innovation and ingenuity captured by companies in the form of intellectual property (IP) can be some of the greatest corporate assets and as such, require protection. Trade secrets, in particular, are sensitive intellectual property rights because they consist of proprietary information that maintains its value based on its confidentiality or secret status.
If stolen, the