On June 10, 2021, the final version of the Data Security Law (DSL) of the People’s Republic of China was published, and the DSL will take effect Sept. 1, 2021. Prior to the issuance of the final version, two drafts of the DSL were released to the public seeking comments, in July 2020 and

While theoretically an organization could adopt ISO 27701 as a separate standalone framework to apply to an organization’s privacy program, the framework was conceptualized as an extension of the ISO data security standards. As a result, it is organized based upon the assumption that an organization already has a security program that is built off

On May 12, 2021, President Biden issued an executive order entitled Improving the Nation’s Cybersecurity (EO). The EO was released only days after the cyberattack impacting Colonial Pipeline, and several months following discovery of the penetration of various federal agencies as a result of the SolarWinds cyber breach by Russian hackers in 2019. The

While theoretically an organization could adopt ISO 27701 as a separate standalone framework to apply to the organization’s privacy program, the framework was conceptualized as an extension of the ISO data security standards – i.e., a company would ideally be certified in both data security and data privacy. As a result, it is organized based

The International Organization for Standards, better known simply as ISO, is an international standard on how organizations should manage information security. Organizations can obtain a certification from an accredited assessor that they are compliant with ISO security standards.

In 2019, ISO developed a privacy framework that was intended to build off of the existing ISO

What are the differences between the CCPA and the CPRA, and how do these two California privacy acts resemble the European GDPR? Is now the time to adopt a data privacy framework instead of trying to comply with state statutes like the CPRA? David Zetoony and Victor Monga, Governor of ISACA Orange County, recently discussed

Likely no. While the CCPA provides for statutory damages if certain personal information is exposed in a data breach due to a business’s failure to have reasonable and appropriate security in place, the CPRA goes a step further. The CPRA requires the California government to issue regulations requiring businesses whose processing of consumers’ personal information

In a major plot twist over the last few days, Brazil’s new General Data Protection Law (Lei Geral de Proteção de Dados Pessoais) – Law No. 13,709/2018 (LGPD) will take effect in two short weeks, after a last-minute decision not to delay its rollout.

The Background: A Very Brief Overview of the LGPD

The LGPD is similar to the EU’s General Data Protection Regulation (GDPR), applying data protection obligations to companies processing personal data regarding Brazilian residents. Among other requirements, the LGPD requires certain legal bases for processing data and provides Brazilian residents with many enumerated rights over their personal data. For a helpful overview of the LGPD’s provisions, including the individual rights, legal bases for processing, and sanctions as enumerated in the legislation, see GT Alert, 6 Months Until Brazil’s LGPD Takes Effect – Are You Ready?

Introduction

As many countries reach the second stage of the Coronavirus Disease 2019 (COVID-19) outbreak, privacy protections may be relaxed under certain circumstances. The European Data Protection Board (EDPB) issued a statement on the processing of personal data in this period of time, and several national data protection authorities have issued COVID-19 specific

While many companies across the United States transition to remote working, scammers are taking this opportunity to target vulnerable and unsuspecting employees. Some emails and websites promising information about keeping safe from, and offering resources for, the Coronavirus Disease 2019 (COVID-19) pandemic have turned out to be scams that push malware, ransomware, and disinformation, or