The FTC could improve cybersecurity standards by verifying the adequacy of companies' risk assessments, IAPP Cybersecurity Law Center Managing Director Jim Dempsey said in a post Friday.
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
The California Privacy Protection Agency (CPPA) filing a court petition to force Tractor Supply Co. to comply with an investigative subpoena Wednesday demonstrates its willingness to fight for privacy rights, consumer advocacy groups and other privacy professionals said.
The privacy profession "is undergoing significant transformation" driven by the development of AI, IAPP reported Tuesday in a study on salaries.
The California Consumer Privacy Act (CCPA) is “like a big Lego block” to which state legislators “are constantly adding … Lego pieces,” said Tom Kemp, executive director of the California Privacy Protection Agency, during an IAPP webinar Tuesday. The California Privacy Rights Act, which amended the CCPA, prohibits reducing Californians’ privacy rights, he noted.
Nik Blosser will be Oregon’s first Chief Privacy Officer and Artificial Intelligence Strategist, announced Oregon Chief Information Officer Terrence Woods on Tuesday. Blosser will craft the strategic vision of the state in relation to privacy, data protection and AI. He previously served as chief of staff for Gov. Kate Brown (D) and is co-founder of Celilo Group Media.
The U.S. has set itself on a "fundamentally divergent path" from the EU by focusing on deregulation and national security in the new White House AI Action Plan (see 2507230058), Pinsent Mason AI and intellectual property attorney Cerys Wyn Davies blogged Thursday.
Microsoft signed the EU general-purpose AI (GPAI) code of practice to help build trust in the emerging technology, the company said Thursday.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
Businesses should start thinking now about complying with new data-protection regulations approved Thursday by the California Privacy Protection Agency (CPPA), privacy attorneys said immediately afterward in blogs and LinkedIn posts. While consumer privacy advocates slammed the rules as weak, one acknowledged they still give California a lead over other U.S. states.
Indonesia agreed to grant the U.S. "adequacy" for personal data transfers under a trade deal the White House announced Tuesday, but it's unclear when the decision will take effect, IAPP Global Privacy Policy Manager Luis Montezuma told us Wednesday.