Categories
Daily Compliance News

September 5, 2019 - NCAA spanked yet again edition

In today’s edition of Daily Compliance News:

  • Google fined for violating child privacy. (NYT)
  • Judge denies NCAA access to FBI corruption material. (247Sports)
  • Wells Fargo reads NYT story, starts internal investigation. (NYT)
  • Odebrecht fined and certain subsidiaries debarred by the Inter-American Development Bank. (WSJ)
Categories
Life with GDPR

Episode 32- Lessons Learned in Year 1 of GDPR, Part 2

In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we continue our three-part series on some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:
  • DPIA Everything. It’s mandatory under GDPR. It is a process analysis, so you will need Subject Matter Expertise. How often do you revisit your DPIA? Regulators are beginning to look at the process of your DPIA. When a new process comes into play, you should do a new DPIA. Do you require a DPIA when you hire a third-party vendor or in an M&A situation? If not, you should do so moving forward.
  • Do SARs and DSRs really well. How do you deal with these types of requests? More importantly, do you have a centralized team to understand the reason behind the request? Who could make that analysis? Is it a work in progress for your organization? A robust response to SARs is critical, as they are here to stay as a core component of GDPR.
  • Respect the time. Time limits are much more generous in the US. Some regulators suggest not being obsessed with time. Will courts allow ‘reasonable delay’? US corporations are trying to extend the 72-hour deadline with time zone arguments and other ridiculous arguments. (Listen for the Thanksgiving Weekend exemption.) Regulators can fine you for being late. Are US companies getting the message? It’s a mixed bag; some are not.
For more information on Cordery Compliance, go to their website here.
For more information on data breaches, see here.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Categories
Life with GDPR

Steven O’Donnell and the CCPA

We take a short interlude from our three-part series with Jonathan Armstrong to visit with Steven O’Donnell, the Head of Product Marketing – Legal Operations at Mitratech. We consider the California Consumer Privacy Act (CCPA) and how companies can move toward complying with the most robust data privacy law in the US. Some of the highlights in this episode include:

  1. What is the CCPA?
  2. How and why does it apply to companies domiciled outside the state of California?
  3. Is it true that if you’re not already making moves, you’re already behind the curve? What can a company so situated do at this point?
  4. What is the role of compliance in responding to the CCPA?
  5. How can CCPA compliance be a business differentiator?
  6. What processes should a company put in place to comply with the CCPA?

For more information, check out the article “How can improved process drive CCPA compliance” on the CCI website by clicking here.