GDPR compliance is paying off for the minority of businesses who make the grade

This is according to research published today by Capgemini Research Institute, which surveyed 1,100 senior executives from companies across the Netherlands, Germany, Norway, Sweden, France, Spain, Italy, India, the UK and the US.

It found that while only 28% of companies had successfully achieved GDPR compliance, 92% of those who were compliant reported having a competitive advantage as a result.

Full Article Here

Ready, Set, Sustain: Six Steps Toward CCPA Compliance

The California Consumer Privacy Act (CCPA) is the first major piece of United States privacy legislation, but it won’t be the last. There are already similar bills in the works in Washington, Hawaii, Massachusetts, New Mexico, Rhode Island and Maryland. Introduced on June 28, 2018, the CCPA adopts much of its framework from the European Union General Data Protection Regulation (GDPR) – although there are some subtle differences. For example, the CCPA extends its protections to households and devices, not just individuals, and includes the right to opt-out of the sale of personal information.

Full Article Here

Tech giants ask Congress for a data privacy bill to bypass state laws

Tech giants are calling on Congress to pass a data privacy law — just as long as it’s on their terms. Those terms include legislation that would pre-empt the many state laws already protecting people’s privacy. But consumer privacy advocates argued this move would hurt data privacy. 

In a letter signed by more than 50 CEOs, including Amazon’s Jeff Bezos and AT&T’s Randall Stephenson, the industry leaders called for federal privacy legislation that would “strengthen consumer trust and establish a stable policy environment.”

Full Article

Coffee with Privacy Pros: “Privacy Policy is Human Progress”

AT&T’s mission statement is simple: “To inspire human progress through the power of communication and entertainment.” To achieve such an immense goal, AT&T could not just be a phone company.

AT&T, one of the top ten Fortune 500 companies, is now four distinct business units: AT&T Communications, which provides cable, internet, and phone services totaling more than $144 billion in revenue annually in the U.S., WarnerMedia (with fixture HBO) adding $33 billion, AT&T Latin America with over $7 billion, and finally, Xandr’s $2 billion contribution of advanced advertising solutions, which powers the data intelligence gathered from customer insights from parts of all the aforementioned AT&T businesses. Together, the new AT&T is “reinventing the way the media and entertainment industry works for consumers, content creators, distributors and advertisers.” This involves using customer data, such as viewing habits, likes/dislikes, and browsing history, all with the appropriate levels of permission, aggregation, and other safeguards. Some of the data can be considered quite private, so issues of trust, clarity, and choice are important.


Full Article

New FBI Plans for Social Media Surveillance Already Raising Significant Privacy Concerns

At a time when the general population in the U.S. is more aware than ever before of privacy issues raised by social media usage, the Federal Bureau of Investigation (FBI) appears ready and willing to ramp up its social media surveillance activities. According to a new request for proposal (RFP) that the FBI distributed in early July, the goal is to develop an “early alerting tool” that would enable the FBI to “proactively identify and reactively monitor” persons of interest or suspects in ongoing cases.

Full Article

Instagram Data Scraping by HYP3R Raises Privacy Concerns

Until recently, many of the social media privacy concerns that seem to swirl around Facebook on a regular basis never seemed to extend to Instagram, which is owned by Facebook. But all that could be changing as the result of a recent Instagram data scraping case that is attracting a lot of attention from privacy and security experts. A trusted Facebook marketing partner, HYP3R, had been scraping data from Instagram, storing it on its own servers, and then re-packaging all of that social media data for advertisers. The Instagram data scraping in question included physical locations, bio information, and photos – as well as some content (such as Instagram Stories) that were specifically intended to disappear after 24 hours.

Full Article

A Closer Look at the CCPA’s Private Right of Action and Statutory Damages

The California Consumer Privacy Act (CCPA) has significantly altered the potential consequences of a data breach under California law by permitting California consumers to bring civil suits for statutory damages, Cal. Civ. Code § 1798.150(a)(1), and to seek statutory damages of between $100 and $750 “per consumer per incident or actual damages, whichever is greater.” Id. § 1798.150(a)(1)(A). The ability to seek statutory damages is in addition to injunctive or declaratory relief. Id. § 1798.150(a)(1)(B),(C).

While consumers already had the right to bring suit under California’s data breach law, the CCPA’s provision allowing consumers to sue, known as a private right of action, adds a few new wrinkles. First, it provides for statutory damages. In many data breaches, demonstrating and quantifying damages caused by the breach can be difficult, making it hard for plaintiffs to successfully sue and obtain monetary damages. Statutory damages eliminates that hurdle by dispensing with the need to prove actual damages. Plaintiffs’ attorneys may be more likely to bring class action lawsuits on behalf of groups of data breach plaintiffs with this new tool in hand. The CCPA provides courts with a laundry-list of considerations for determining the amount of statutory damages to award. That list includes “the nature and seriousness of the misconduct, the number of violations, the persistence of the misconduct, the length of time over which the misconduct occurred, the willfulness of the defendant’s misconduct, and the defendant’s assets, liabilities, and net worth.” Id. § 1798.150(a)(2).

Full Article

U.S. Chamber of Commerce Presents ‘Data Done Right’

For over one hundred years, the U.S. Chamber of Commerce has acted as the eyes and ears for businesses in Washington, D.C., taking action on legislative issues and representing the interests of their membership body. Today, the Chamber’s membership consists of more than three million organizations across all sectors and regions, ranging from large corporations to small businesses (in fact, more than 96% of Chamber member companies have fewer than 100 employees). 

On July 11, 2019, the U.S. Chamber of Commerce hosted Data Done Right, a summit for “all things related to data privacy.” This event gave members an opportunity to hear from industry experts as well as voice their opinions. So, what’s the main takeaway from the day? That to effectively impact the data privacy debate, we all need to stand on common ground. To that end, here are four common views a majority of participants rallied behind:  

Full Article

How Can Marketers Handle All the Layers of Privacy Regulations?

Marketers are currently facing what might be called the Layer Cake Era of consumer privacy.

A little more than a year ago, the European Union’s General Data Protection Regulation (GDPR) began implementation, sending waves of data wariness through brands and vendors who collect and use data from European consumers.

Then California passed the California Consumer Privacy Act (CCPA), hurried through the legislature to head off a pending referendum. It set up its own data privacy requirements for larger California companies.

Full Article

PwC will have to work to rebuild trust after shock GDPR fine

The corporate world has gotten a shock of its recently when the data protection enforcement body of Greece has imposed a fine on one of the Big 4. PwC’s Greek holdings, “PRICEWATERHOUSECOOPERS BUSINESS SOLUTIONS SA”, has received a fine under Article 83 of the GDPR amounting to 150 000 EUR.

In addition, the Hellenic DPA has also imposed corrective measures on the organization to be complied with under the European Regulation.

Full Article