Many industries are sounding the alarm over proposed rules to implement the New Jersey Data Privacy Act. In comments submitted by the Sept. 2 deadline, industry officials said a draft by the attorney general’s Division of Consumer Affairs is too burdensome and exceeds what’s allowed under the NJDPA and other laws. On the flip side, several consumer privacy advocates suggested that the state legislature should overhaul the law itself to make it far stricter.
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
Discussing how privacy issues intersect with a company’s growth goals and how they permeate the organization is key to having a strong privacy policy and earning consumer trust, said TrustArc executives during a Tuesday webinar the compliance vendor hosted.
Whether to use an internal or external auditor to comply with new California Privacy Protection Agency (CPPA) rules depends on the company, said Woods Rogers cybersecurity attorney Patrick Austin in an IAPP analysis posted Tuesday. “There is no one right choice that applies to all businesses.”
The variety in privacy laws and standards give companies some flexibility in how consent banners are displayed on their websites, said panelists during an IAPP webinar Tuesday. But they cautioned that teams throughout an organization must understand how trackers operate on the site and what data is collected.
Age assurance can be a crucial step in online safety for children, so long as it’s done carefully and in a privacy-preserving way, said experts during a Public Knowledge event Monday. However, they warned that age assurance should be part of a larger response.
Though using age assurance to access certain online platforms and websites is the route policymakers frequently take hoping to protect children online, it can end up doing more harm than good, multiple privacy organizations said in recent papers and blog posts.
Age-estimation technology and its role in reducing regulatory burden is gaining attention in industry and data privacy circles, an official with BBB National Programs said Friday.
The EU General Court ruling upholding the EU-U.S. Data Privacy Framework "is not the end of the story," IAPP Chief Knowledge Officer Caitlin Fennessy said Thursday during a webinar. Wednesday's decision can and likely will be appealed, said data protection lawyers, adding that the ruling has implications for frameworks beyond the EU.
The EU General Court threw out a challenge to the EU-U.S. Data Privacy Framework (DPF) on Wednesday, confirming that the U.S. adequately protects Europeans' personal data and that trans-Atlantic data flows can continue.
Successful privacy professionals make the most of limited resources, BlueSky Privacy CEO Teresa Troester-Falk said in an IAPP opinion piece Thursday.