An agreement in principle on two consumer privacy suits brought by the Texas Attorney General's office would settle the complaints for a total of $1.375 billion. The suits broadly involve surreptitious tracking of users via several methods and products in recent years, including alleged undisclosed company use of biometrics.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
An ongoing Texas investigation is specifically examining whether driver data collected by modern smart vehicles is being misused under the terms of a variety of state laws. The investigation is also looking at potential violations of federal law in the area of consumer privacy.
With less than a year until the new implementation date, how can organizations successfully prepare for Thailand’s PDPA enforcement come May 31, 2021?
The ADPPA is the first nationwide US privacy bill that stands a chance of being legislated and changing the face of the entire US privacy landscape. There is a general consensus that the proposed data minimization guidelines could significantly reshape the processes and procedures businesses will utilize to collect consumer data.
The California Consumer Privacy Act (CCPA) is the latest in privacy compliance. Although not as comprehensive as what is provided by the GDPR, there are useful operational overlap that can help with compliance with the CCPA.
CaCPA, going into effect January 2020, has triggered many organizations to look for reliable data partners to protect consumer privacy. What are the criteria when searching for these colocation partners?
With the CCPA enforcement deadline only a month away, Chief Privacy Officers are still grappling with significant uncertainties about what exactly the law requires.
Although CCPA is intended for California consumers, enterprises across the U.S. are adjusting their cybersecurity procedures and policies in anticipation of further regulations.
Colorado's AI regulations are still a work in progress, and the battle over how to regulate AI – without stifling innovation – has only just begun. As Colorado stands at the forefront of AI regulation, this process isn't just about one state's laws – it's a test case for how AI will be governed across the country.
While the proposed Data Care Act isn't quite a full-on EU GDPR equivalent, the bill still aims to bring the tech industry's practices more in line with current approaches for handling sensitive personal information.










