Google Sued Under Illinois Biometric Information Privacy Act

8th October 20198th October 2019 peterglock

Collecting biometric information (or using Google, Facebook etc that do it for you)? I expect to see legislation like BIPA rolled out (not in China obvs) so make sure you’re […]

Ethics Rules for Using Social Media in Legal Matters

4th October 20194th October 2019 peterglock

The same rules apply to employers e.g. don’t force your employees to ‘friend’ you…: Social media is increasingly important in eDiscovery, employment investigations and jury research. Using social media in […]

The notification dilemma – what can you tell the public when you don’t yet know the extent of a data security incident?

2nd October 20192nd October 2019 peterglock

Useful tips about tuning your disclosure messages…: In June, BCLP hosted a high profile data breach seminar, in which industry specialists, the ICO’s Head of Investigations, a former convicted hacker […]

Is Google Drive HIPAA Compliant?

2nd October 20192nd October 2019 peterglock

SAme question applies to Box, DropBox, Amazon S3… […] In short, yes Google Drive is HIPAA compliant, however, before it can be used in a HIPAA compliant manner there must […]

CCPA Security FAQs: Can a consumer bring suit in a California state court under the CCPA even if they were not injured by a data breach?

27th September 201927th September 2019 peterglock

Just in case you were wondering…: Yes, if they satisfy the elements of a CCPA data breach claim. Section 1798.150 of the CCPA permits consumers to “institute a civil action” […]

Privacy and Data Security Alert

26th September 201926th September 2019 peterglock

Tightening of privacy legislation on the West Coast…: […] Subject to the governor’s signature, California’s breach-notification law will gain additional requirements related to biometric information due to the passage of […]

The Capital One Data Breach and Vendor Cybersecurity Risks

16th September 201916th September 2019 peterglock

Interesting podcast on the Capital One breach. I’ve been attempting to interest my clients in tools that monitor for their data being spread around, via their supply chain and/or unsecured […]

[Video] Life With GDPR: Episode 32- Lessons Learned in Year 1 of GDPR, Part 2

6th September 20196th September 2019 peterglock

This is a useful summary for we Europeans as well. In my role as a DPO I tend to use the DPIA as my starting point for each engagement. DSARs […]

Initial Coin Offerings (ICOs) on SEC’s Radar

27th August 201927th August 2019 peterglock

Full disclosure: I have been involved in a number of blockchain-based startups in the past couple of years so I’ve seen first-hand the chilling effect of the regulatory interest in […]

Software Provider and DOJ Reach $8.6M Settlement for FCA Case Involving Alleged Cyber Security Shortcomings

22nd August 201922nd August 2019 peterglock

TL;DR – don’t sell software with known security vulnerabilities…: […] The case, United States of America v. Cisco Systems, involved allegations from a former-subcontractor whistleblower that Cisco Systems knowingly sold video […]