Deidentified information is defined within the CCPA to refer to information that “cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer” provided that a business that uses deidentified information takes four operational and organizational steps to ensure that such information is not

After more than four years of negotiations, the Regulation on Privacy and Electronic Communications (ePrivacy Regulation), which will replace the ePrivacy Directive (2002/58/EC), appears to be at a turning point. On Feb. 10, 2021, the Council of the European Union announced it has adopted a consolidated version (the “Council’s Position”) which will be the basis

Possibly, yes. The European Data Protection Board (EDPB) has issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries).

The EDPB addresses a common

Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). In instances of a lost or stolen

The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries) and to the individuals themselves. One example discussed

Given the circumstances of most ransomware attacks, likely yes.

The EDPB issued practical guidance on various types of data breaches, giving top billing to ransomware attacks. Given the recent increase in ransomware attacks likely due to the sudden shift to remote work in response to COVID-19, the EDPB’s guidance focuses extensively on ransomware attacks. In

When the GDPR took effect in 2018, it required notification within 72 hours to supervisory authorities in the EU of a data breach likely to result in a risk to the rights and freedoms of individuals, and subsequent notification to the individuals themselves if the breach could give rise to such a “high” risk. Unlike

We have a deal! After several months of negotiations, on 24 December 2020, the EU and the UK announced that they have finally agreed on an agreement regulating trade and cooperation between the UK and the remaining 27 member states after 31 December 2020 (Trade Agreement). From a data protection perspective, this is welcome news

The UK is nearing the end of its Brexit transition period (the Transition Period), which expires Dec. 31, 2020. Although the UK has not been a party to the European Economic Area (EEA) agreement since the passage of Brexit, it has been treated as an EEA member during the Transition Period. Because of this status,