Assessing GDPR Guidelines Part II: Data Impact Assessments

Following up on yesterday’s blog about profiling and automated decision making, we now look at guidance on data protection impact assessment (DPIA). The same guidance we discussed also directs companies to conduct a DPIA where profiling or automated decision making results in the “systematic and extensive evaluation” of an individual and decisions are made based on that evaluation that could have legal effects.
Continue Reading

Assessing GDPR Guidelines Part I: Profiling and Automated Decision Making

The Article 29 Data Protection Working Party recently issued guidelines on how to handle profiling and automated decision making under the General Data Protection Regulation. Under GDPR, “profiling” means the automated collection of personal information in order to evaluate personal aspects about an individual. For example, companies may use profiling to predict individuals’ spending habits, targeting ads to individuals based on their internet browsing history.  Continue Reading

New York Court Scraps Another FACTA Receipt Class Action for Lack of Standing

In the latest installment of what has become a quickening trend, a New York federal court recently dismissed another yet putative FACTA class action for lack of Article III standing. On her fourth (and final) attempt, the court in the case (Fullwood v. Wolfgang’s Steakhouse, Inc.) held the plaintiff once again failed to plead a concrete injury against a New York City steakhouse that provided her with a receipt displaying the full expiration date of her credit card in 2013. Continue Reading

Lessons Learned from Cyber Awareness Month – Part Four

In this, our last post about learnings from cyber awareness month, we focus on developing the next generation of cybersecurity experts and increasing its size. According to a study by the Center for Cyber Safety and Education, within five years there will be a shortage of 1.8 million data security workers. This means companies will find it increasingly difficult to hire and retain qualified employees to protect their data systems. Cyber Awareness Month included programs encouraging students and others to explore jobs in cybersecurity, and emphasized programs such as the National Cyber Collegiate Defense Competition and the U.S. Cyber Challenge. Continue Reading

Lessons Learned from Cyber Awareness Month – Part Three

Following up on our prior posts, we now turn to the future of cybersecurity. In so doing, we are reminded that, just as technology and the Internet are rapidly changing, so is the need for defenses against cyber attacks. Today’s cutting edge includes smart cities, connected devices, digitized records and smart cars. They bring with them increasing threats of attacks using the Internet of Things (IoT), and illegal access to private data. At a recent panel discussion hosted by Sheppard Mullin, experts focused on both the near future – the threat of a new bot army possibly set to launch attacks within weeks – and the more distant future – the coming advent of quantum computing and what it will mean for cybersecurity. We must prepare for tomorrow’s threats by doing our best to anticipate them today. Continue Reading

Lessons Learned from Cyber Awareness Month – Part Two

Following up on our last post about Cyber Awareness, we now focus on cybersecurity in the workplace. All organizations – large and small, for-profit and non-profit – need to be vigilant about cybersecurity. According to one analysis, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017, or about 10 million records a day, a 164% increase. Another study found that since 2013, a sample of company breaches had led to over $52 billion in shareholder losses. Continue Reading

CFPB Provides Guidance on Consumer Data Protection

The Consumer Financial Protection Bureau (CFPB) recently released a set of Consumer Protection Principles aimed at the Fintech field. The Principles describe obligations when sharing or aggregating consumer financial information. The CFPB regulates and enforces consumer financial laws, and issued this release as part of its review of the Fintech industry. These Principles follow a request for information that the CFPB issued late last year, as well as insights from stakeholders that the CFPB summarized at the time it released the Principles. Continue Reading

Lessons Learned from Cyber Awareness Month – Part One

October was Cyber Security Awareness Month. As proclaimed by President Trump and organized by the Department of Homeland Security, Cyber Security Awareness Month is a time to focus on cybersecurity as a shared responsibility that affects all Americans. Now that it has come to an end, it’s worth reviewing some of the important points highlighted during the course of the month, which we are doing in several installments.  Continue Reading

In January, Will You be Able to Board Your Domestic Flight With Your Current Driver’s License?

BACKGROUND

In 2005, Congress passed the Real ID Act, enacting national standards for obtaining state driver’s licenses and I.D. cards. These federally mandated standards require states to use enhanced security features and identification procedures, and to review documentary evidence of legal status, before issuing a driver’s license or identity document. The Act requires that only individuals with a Real-ID-compliant identity document may (1) access federal facilities; (2) enter nuclear power plants; or (3) board commercial aircrafts for domestic flights. Continue Reading

BIPA Fingerprint Suits Continue

Employees in Illinois are continuing to file class action complaints against their employers. Bob Evans Restaurants and Suparossa Restaurant Group are two of the latest to be accused of violating the Illinois’ Biometric Information Privacy Act. Both companies’ employees took issue with their employers’ use of their fingerprints and other biometric information in time-clock and point of sale systems. The employees’ alleged that their employers collected and used their information without the written consent necessary under BIPA. As we have written previously class action lawyers are increasingly bringing cases alleging violations of the law. Continue Reading

LexBlog