California, which has historically been one of the states at the vanguard of data breach notification issues, has made an update to its statute that takes effect on January 1, 2017. The update will require companies to notify affected individuals of a data breach of encrypted information, if “the encryption key or security credential was, or […]
Legislation
German DPAs to Create Model Processing Records for GDPR Compliance
On May 25, 2018, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of processing activities. Under Article 30 GDPR, companies will need to inventory all “processing activities under [their] responsibility” and memorialize them […]
Join Our Roadmap to the GDPR Webinar: Outsourcing & Processors — with Brexit
Alston & Bird invites you to join us for the third program in our Roadmap to the GDPR webinar series: Brexit Analysis, Outsourcing & Processors. Our GDPR Roadmap series provides you with the critical information you need to assess and address the myriad issues raised by the passage and implementation of the GDPR. This webinar will be held on Thursday, July 14, […]
UK Regulator Elaborates Plans for Extensive Guidance on GDPR Compliance
The UK Information Commissioner’s Office (“ICO”) has provided details on its plans to provide guidance to organizations on compliance with the European Union’s General Data Protection Regulation (“GDPR”), which will apply EU-wide as from 25 May 2018. The ICO’s work plan involves three overlapping “phases.” Over the next six months, priority outputs will include ICO […]
Illinois Makes Extensive Changes to Data Breach Notification Law
On May 6, 2016, Illinois Governor Bruce Rauner signed HB1260, which significantly updates the state’s Personal Information Protection Act. The changes take effect on January 1, 2017. When the new law becomes effective, Illinois’ data breach notification statute will include one of the broader definitions of the information which, if breached, will trigger notification […]