On Sept. 15, join GT Data, Privacy & Cybersecurity Shareholder David Zetoony and Associate Karin Ross for their myLawCLE presentation, “What Is Considered Sensitive Personal Information?”, co-sponsored with the Federal Bar Association.

The term “sensitive personal information” is often referred to in contracts, regulatory guidance, and policy documents. What constitutes sensitive personal information,

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

A controller refers to the entity that determines the “purpose and means” of how personal data will be processed. Determining the “purpose” of processing refers to deciding why information will be processed. Determining the “means” of processing refers to deciding how information will be processed.[1] That does not necessarily mean, however, that a controller

A controller refers to the entity that determines the “purposes and means” of how personal data will be processed. [1] Determining the “means” of processing refers to deciding “how” information will be processed.[2] That does not mean, however, that a controller must make every decision with respect to the processing of information.

The European

New regulations to the California Consumer Privacy Act (CCPA) took effect in March that prohibit businesses from using on their websites “dark patterns” that make it difficult for California consumers to opt out of the sale of their personal information.

A dark pattern is a potentially manipulative user interface design that can have the effect,

The terms “pseudonymize” and “pseudonymization” are commonly referenced in the data privacy community, but their origins and meaning are not widely understood among American attorneys. Most American dictionaries do not recognize either term.1 While they derive from the root word “pseudonym” – which is defined as a “name that someone uses instead of his

Deidentified information is defined within the CCPA to refer to information that “cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer” provided that a business that uses deidentified information takes four operational and organizational steps to ensure that such information is not

The CCPA includes a non-exhaustive list of data types that may fall under the definition of personal information. One of those data types is “biometric information.”1

While the CCPA provides a definition of “biometric information,” it is worth noting that the CCPA’s definition differs from the definition of the term in other statutes and