PRIVACY + SECURITY BLOG

News, Developments, and Insights

The Schrems II Decision

The European Court of Justice has finally issued its decision in Facebook Ireland Ltd. v. Maximillian Schrems — otherwise known as Schrems II. The full text of the Schrems II opinion is here. The result: The US-EU Privacy Shield Framework is invalid.  The Standard Contractual Clauses are valid.  Ultimately, this means that it is still […]

The Three General Approaches to Privacy Regulation

These days, the debate about a federal comprehensive privacy law is buzzing louder than ever before. A number of bills are floating around Congress, and there are many proposals for privacy legislation by various groups, organizations, and companies.  As proposals to regulate privacy are debated, it is helpful to distinguish between three general approaches to […]

Video- Challenges of Privacy Notices, Schrems II, and Other Privacy Issues – A Conversation with Daniel Solove, Justin Antonipillai, and Andy Dale

In this video, Daniel Solove (TeachPrivacy, GW Law), Justin Antonipillai (Wirewheel), and Andy Dale (Alyce) discuss the challenge of writing privacy notices, Schrems II, and other privacy issues.

How Cyberinsurance Is Responding to Ransomware: An Interview with Ken Suh, Mark Singer, and Marcello Antonucci

Ransomware has long been a scourge, and it has been growing into a pandemic with no signs of slowing down. I recently had the opportunity to discuss ransomware with several experts at Beazley. Based in Chicago, Ken Suh is the focus group leader for cyber & tech claims at Beazley. Mark Singer is a cyber & tech […]

What Are the Requirements for HIPAA Training?

HIPAA training is an specific requirement of HIPAA. HIPAA requires that covered entities (CEs) and business associates (BAs) provide HIPAA training to members of their workforce who handle protected health information (PHI).  This means administrative and clinical personnel need to be trained.  Business associates — and any of their subcontractors — must have training.  Basically, […]

What Are the Requirements for CCPA Training?

What are the requirements for California Consumer Privacy Act (CCPA) training?  At Section 1798.135(a)(3), the CCPA requires that businesses “ensure that all individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed of all requirements in Section 1798.120 and this section and how to direct […]

Cartoon: De-Identifying PHI under HIPAA

  This cartoon is about de-identifying PHI under HIPAA.  De-identifying personal data is quite complicated. Researchers have been able to re-identify sets of personal data with just names, birth dates, and gender. The reason why de-identifying data is difficult is that there is more and more identified personal data online that can be matched up […]

Ransomware and the Role of Cyber Insurance: An Interview with Kimberly Horn

Ransomware has long been a scourge, and it’s getting worse. I recently had the chance to talk about ransomware and cyber insurance with Kimberly Horn, the Global Claims Team Leader for Cyber & Tech Claims at Beazley. Kim has significant experience in data privacy and cyber security matters, including guiding insureds through immediate and comprehensive responses to […]