Archives

Privacy Is the New Black

It seems to have all started with the Health Insurance Portability and Accountability Act (HIPAA), which was passed in 1996 and signed into law by President Bill Clinton. Then, after stumbling around for almost a decade, in 2009 the HITECH Act was signed by President Barack Obama which gave the necessary teeth to the privacy […]

Cross-Border Data Management and Cybersecurity: Walking the Tightrope of Compliance and Business Efficiency

This article originally appeared on KuppingerCole Analyst’s Blog on June 26, 2018 and is available in its original here. * * * * * Technology is changing rapidly, correlating in an increasing amount of data collected every second.  These technologies cross-borders and allow businesses to operate on a global scale, at a rate never before […]

Are You a Joint Controller with Facebook? The CJEU’s Judgment in Case C-210/16

How many companies maintain business-oriented pages on Facebook?  Millions. In today’s social media driven economy — where individuals digest news, shopping, and friend’s updates all on the same platform — companies are increasingly trying to harness those platforms to drive customers to them.  Even our firm has a Facebook page, a LinkedIn page, and a […]

The GDPR and Higher Education #4: International Data Transfers

We are concluding our series on the Impact of the European Union’s General Data Protection Regulation (“GDPR”) on Higher Education Institutions located in the United States.  The first post frames the application of the GDPR to higher-education institutions; the second post focuses on the two key roles under the GDPR:  data controllers and data processors; and the third post focuses on data processing and key rights under the GDPR.  This final post in the series discusses the data transfer provisions under the GDPR:  key to US-based institutions that intend to transfer data related to EU data subjects to the United States.

The GDPR and Higher Education #3: Lawful Data Processing and Data Rights

As we discussed in our first and second blog posts, higher education institutions — including those in the United States — are impacted by the forthcoming European Union’s General Data Protection Regulation (“GDPR”).  We continue our conversation in this post, focusing on the actual processing of data and the rights of data subjects.

The GDPR and Higher Education #2: Universities as Data Controllers & Data Processors

As we discussed in our first blog post framing the impact of the European Union’s General Data Protection Regulation (“GDPR”) on higher education, there are a number of key GDPR provisions that higher education institutions should be aware of when contemplating GDPR compliance.  This second blog post will focus on data controllers and data processors, key definitions and roles under the GDPR.

The Impact of the GDPR on Higher Education in the United States Blog Series

Colleges, universities, institutions of higher education– however you want to frame it — are organizations devoted to the development of academic subjects. They create environments ripe for intellectual exploration and the exchange of information. They provide a platform for individuals from across the globe to collaborate on ideas and develop the innovations of tomorrow. These institutions are a treasure-trove of data.  Inherent in the functioning of any higher-education organization is the free flow of ideas (i.e. data):  data related to the individual students, data related to studies conducted by these institutions, data related to research and development.  Basically, they are institutions of data.

A Funny Thing Happened on the Way to the Office

I try to make most of my blog posts about current legal issues in the area of cybersecurity and data privacy because so many businesses do not fully understand cybersecurity, how it works and what they can do to protect their company. As my law partner often says, cybersecurity is like pandora’s box and many companies do not want to open that box because they are scared and do not know what is inside.  However, this is not that kind of post. I am angry. And really, more than angry, I am upset. And why may you ask?? Simply because I received a telephone call. HUH???

Biometric Data under the GDPR

With the launch of the iPhone X, the debate around using biometric data as an authentication method has become mainstream.  To recap, the iPhone X is making thumbprint access to a mobile device a thing of the past:  now, all you need is your face (and, of course, the iPhone X).  While thumbprint access has become standard in most mobile devices, the use of facial recognition is new for most consumers.

Sticking Your Head in the Sand: How NOT to Approach the GDPR

In speaking with entities, of all sizes and all industries, we are often confronted with the same series of questions over and over again regarding the EU’s General Data Protection Regulation (“GDPR”):  why do I need to comply?  Is the EU really going to enforce this?  What are the odds (as if we have a Magic 8-Ball) that the EU will actually sanction me?  That is in essence like saying: what are the odds I will be hit by a car?  I don’t know, but I still look both ways before crossing the street and I have insurance because I don’t want to risk it.  The doubters, the deniers, the wait-and-see’ers;  these are the entities that will get hit by the GDPR.  They hope that the GDPR will not be as extensive, or as intrusive, or as devastating as privacy experts are saying and while we don’t have a Magic 8-Ball, the response we give these naysayers is, “All signs point to Yes!”.