Privacy Management

Subscribe to Privacy Management via RSS

A thorny issue for companies has been how to handle data derived from personal information. Is it still personal information? Do privacy laws apply? The EU Court of Justice of grappled with this issue in a September decision. The case arose following a Spanish bank’s financial difficulties. Its regulatory agency, the European Single Resolution Board, stepped in to attempt to value some of the bank’s investments and otherwise determine next steps. As part of the process, the board hired a consulting firm to analyze feedback from the bank’s shareholders and creditors. The board collected the information, pseudonymized the data, and then sent the pseudonymized data set to the consulting firm.Continue Reading EU Weighs in on Pseudonymized Data

For those keeping track of the growing list of US state “comprehensive” privacy laws, you know that the Maryland law (the Maryland Online Data Privacy Act or MODPA) went into effect on October 1st. This rounds us out for US state privacy laws in 2025, bringing the total to 17 (or 16, if you discount Florida). Next up will be Indiana, Kentucky, and Rhode Island (all on January 1, 2026).Continue Reading 2025 Brought Us Eight US “Comprehensive” Privacy Laws, What’s Next?

Now is the time that many are putting together their 2026 budgets and considering how much to allocate next year to address the constantly evolving privacy and data security landscape. In the last article in this series we looked at three change management tools that can help effectuate privacy compliance. Here are three more, and things to consider -and potentially budget for- in the new year.Continue Reading More Privacy Compliance Considerations for the 2026 Budget Process

Today’s compliance landscape is more crowded—and more complex—than ever. As the pace of regulatory change accelerates, companies need to find effective paths forward. As I detailed in a Law360 article from earlier this year, change management tools can help. Here are three areas to consider as you begin to think about your compliance plans (and budget) for 2026.Continue Reading Setting Your Privacy Compliance Strategy in Advance of the 2026 Budget Process

The US “comprehensive” law landscape continues to expand, with two more states—Tennessee (July 1) and Minnesota (July 31) —joining the “comprehensive” privacy law club. Five of these -Delaware, Iowa, Nebraska, New Hampshire, and New Jersey- took effect in January. As the patchwork of state-level “comprehensive” privacy laws expands, what should business keep in mind? As outlined below, perhaps the biggest takeaway is that the laws add to a patchwork, one which consists of many overlapping requirements. Here are a few highlights from these two latest laws:Continue Reading US Privacy Footprint Continues to Expand: Tennessee and Minnesota Join the State Law Club

The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments to the draft.Continue Reading How Legitimate Is Your Business Interest? The EDPB Has Some Thoughts

The FTC’s staff report summarizes how it views the operations of social media and video streaming companies. Of particular interest is the insight it gives into potential enforcement focus in the coming months, and into 2025. Of particular concern for the FTC in the report, issued last month, were the following:Continue Reading FTC Social Media Staff Report Suggests Enforcement Direction and Expectations

We’ve cautioned before about the danger of thinking only about US state “comprehensive” laws when looking to legal privacy and data security obligations in the United States. We’ve also mentioned that the US has a patchwork of privacy laws. That patchwork is found to a certain extent outside of the US as well. What laws exist in the patchwork that relate to a company’s activities?Continue Reading The Privacy Patchwork: Beyond US State “Comprehensive” Laws

Much of the focus on US privacy has been US state laws, and the potential of a federal privacy law. This focus can lead one to forget, however, that US privacy and data security law follows a patchwork approach both at a state level and a federal level. “Comprehensive” privacy laws are thus only one piece of the puzzle. There are federal and state privacy and security laws that apply based on a company’s (1) industry (financial services, health care, telecommunications, gaming, etc.), (2) activity (making calls, sending emails, collecting information at point of purchase, etc.), and (3) the type of individual from whom information is being collected (children, students, employees, etc.). There have been developments this year in each of these areas.Continue Reading Mid-Year Recap: Think Beyond US State Laws!