On July 23, 2018, Denmark’s data protection agency announced that companies must encrypt all emails transmitting sensitive personal data. This new rule goes into effect January 1, 2019, giving companies that do business in or with Denmark approximately five months to implement encryption technologies for their email systems. This is a strict interpretation of Article 9 of GDPR; however, one facet of GDPR is that each European Union country can interpret and determine how companies must comply with the overarching GDPR principles and requirements. Continue Reading Denmark Implements Email Encryption Requirement, What Countries Will Follow?
You could almost hear the cheers of plaintiffs’ class action lawyers in California last night, as California’s governor signed the most sweeping privacy law this country has seen to date. Notably, the law gives consumers the right to statutory damages in the event of a breach if the company holding the consumer’s information failed to implement reasonable security measures. Those statutory damages are not less than $100 and not more than $750 “per consumer per incident or actual damages, whichever is greater.” Continue Reading California Gets Its Very Own GDPR with Statutory Damages
Today, the European General Data Protection Regulation (“GDPR”) takes effect. The GDPR is the most comprehensive and complex privacy regulation currently enacted. The GDPR can apply to a business or organization (including a non-profit organization) anywhere in the world and its potential financial impact is huge; fines can reach up to € 20 million Euros (over $23 million USD) or 4% of an entity’s total revenue, whichever is greater. Not surprisingly, the potential for this type of penalty has caused concern and chaos leading up to the May 25, 2018 effective date. In light of this significant international development, all organizations should consider the following: Continue Reading Three Important Considerations For All Businesses in Light of GDPR
In this episode of the Murtha Cullina Cybersecurity Three Minute Check In Series, Dena Castricone addresses whether businesses in the United States must comply with the General Data Protection Regulation (GDPR).
In the wake of the Facebook and Cambridge Analytica scandal, another social media company, Grindr, a gay dating app, has come under scrutiny for its sharing of sensitive personal information with third parties. In particular, Norwegian research outfit SINTEF, after analyzing Grindr’s traffic, alleges that Grindr shares its users’ disclosed HIV status and last tested date , GPS location and other demographic profile information with third parties.