PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Brazil’s LGPD: Its Sudden Jolt to Life and Its Key Requirements

LGPD - Brazil - TeachPrivacy LGPD Training

In a surprising turn of events, the LGPD–Brazil’s new privacy law–went from an expected delayed implementation to being fully active.  The twists and turns of the LGPD’s jolt to life make one’s head spin.  It was originally scheduled to become active on August 16 of this year, but then delayed until May 2021 due to […]

Developing a Multi-Jurisdictional Approach to Privacy Laws — An Interview with K Royal

Global Privacy Law

I’m thrilled to interview K Royal, Senior Director, Western Region, Privacy, at TrustArc. K has had a long career in privacy law, having served as privacy counsel for several companies. She’s also an adjunct professor at Arizona State University. Prof Solove: What is the need for a multi-jurisdictional approach to privacy laws? K Royal: With the European […]

Please Join Us at the International Privacy and Security Forum (April 3-5, 2019)

International Privacy and Security Forum

I hope that you can join us for the International Privacy+Security Forum (April 3-5, 2019 in Washington, DC). The International Privacy+Security Forum is an annual sister event to the Privacy+Security Forum, an annual event held in October at George Washington University in Washington, DC.  The Int’l Forum event focuses on privacy and security laws from […]

Cartoon: GDPR Compliance

Cartoon GDPR Compliance - TeachPrivacy GDPR Training 02 medium

Organizations are racing to get ready for the GDPR implementation date of May 25, 2018.  Complete GDPR compliance in a few months is likely not feasible for many organizations, but this shouldn’t mean that these organizations should give up.  Making a good-faith effort and continuing to strive to improve are quite worthwhile.

Cartoon: GDPR Right to Be Forgotten

Cartoon GDPR Right to Be Forgotten - TeachPrivacy GDPR Training

The GDPR Article 17 provides for a right to erasure — commonly known as the “right to be forgotten.”  Data subjects may request that an organization erase their personal data “without undue delay” under a number of circumstances.  These circumstances include when the data is no longer relevant to the purposes of collection, when consent […]

The International Privacy+Security Forum

International Privacy+Security Forum

The International Privacy+Security Forum (February 26-27, 2018 in Washington DC) is next week. The International Forum is a new annual sister event to the Privacy+Security Forum, an annual event held in October at George Washington University in Washington, DC.  The regular Privacy+Security Forum will be in its 4th year in 2018.  This past year, we […]

Cartoon: GDPR’s Scope

Cartoon GDPR Scope

I turned my short GDPR vignette about GDPR’s territorial scope into a cartoon.  The GDPR applies not just to all EU organizations that process personal data.  The GDPR also applies to non-EU established organizations that offer goods and services to EU citizens or that monitor behavior within the EU. The GDPR thus has quite a long […]

The U.S. Congress Is Not the Leader in Privacy or Data Security Law

Capitol Sinking 01

A common myth is that the U.S. Congress is a leader in creating privacy and data security law.  But this has not been true for quite some time.  Congress isn’t leading, and even the policies and practices of US companies are increasingly built around the law of the European Union (EU) or the states. In […]

Congress’s Attempt to Repeal the FCC Internet Privacy Rules: The Void Will Be Filled

FCC Privacy Rules Repealed

Recently, Congress voted to overturn new FCC rules that regulated the privacy of broadband Internet Service Providers (ISPs).  The rules implemented the Communications Act, 47 U.S.C. § 222 to ISPs, requiring opt in for sharing sensitive customer data, opt out for sharing non-sensitive customer data, as well as transparency requirements.  Sensitive data includes precise geo-location, children’s […]

Privacy Shield Training

Privacy Shield Training Course

I have produced a new Privacy Shield training course that provides a short introduction to the EU-US Privacy Shield Framework.  Privacy Shield is an arrangement reached between the EU and US for companies to transfer data about EU citizens to the US.  Privacy Shield replaces the Safe Harbor Arrangement, which was invalidated in 2015 in […]