Monday, May 3, 2021
The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations, including a requirement that businesses conduct risk assessments. While many U.S. companies currently conduct risk assessments for compliance with state “reasonable safeguards” statutes (e.g., Florida, Texas, Illinois, Massachusetts, New York) or the HIPAA Security Rule, the CPRA risk assessment has a different focus. This risk assessment requirement is similar to the EU General Data Protection Regulation’s (GDPR) data protection impact assessment (DPIA).
The goal of conducting a CPRA risk assessment is to restrict or prohibit the processing of personal information where the risks to a consumer’s privacy outweigh any benefits to the consumer, business, stakeholders, and public. Notably, the CPRA does not limit risk assessments to activities involving the processi
Stopping the Next SolarWinds Requires Doing Something Different
Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?
The SolarWinds breach is not the first major supply chain breach, but previous similar breaches failed to prompt effective regulatory action. Both governments and businesses remain focused on things like cyber hygiene and information sharing, which, while critical, are not enough to stop the next major breach. The SolarWinds breach came in via a trusted vendor, which means even the most diligent cyber hygiene and immediate patching would not have helped. Likewise, information sharing is important, but it took nine months to detect the SolarWinds attack, so by the time there was information to share, it was too late.
Monday, May 3, 2021
At the end of last month, The Sedona Conference and its Working Group 11 on Data Security and Privacy Liability (WG11) announced that The Sedona Conference Commentary on Quantifying Violations under U.S. Privacy Laws (“Commentary”) has been published for public comment. Read on for some key takeaways.
First, for those who are not so familiar, a brief introduction. What is The Sedona Conference? It is a nonpartisan research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, intellectual property rights, and data security and privacy law.
Since its inception, The Sedona Conference has had multiple Working Groups. These Working Groups, or “think-tanks”, are tasked with confronting some of the most challenging legal issues. For example, the first Working Group (WG1) met on October 17-18, 2002, and was dedicated to the development of guidelines for electronic documen
Last week, the United States Senate played host to a number of social media company VPs during hearings on the potential dangers presented by algorithmic bias and amplification. While that meeting almost immediately broke down into a partisan circus of grandstanding grievance airing, Democratic senators did manage to focus a bit on how these recommendation algorithms might contribute to the spread of online misinformation and extremist ideologies. The issues and pitfalls presented by social algorithms are well-known and have been well-documented. So, really, what are we going to do about it?
“So I think in order to answer that question, there's something critical that needs to happen: we need more independent researchers being able to analyze platforms and their behavior,” Dr. Brandie Nonnecke, Director of the CITRIS Policy Lab at UC Berkeley, told Engadget. Social media companies “know that they need to be more transparent in what's happening on t