In this episode, I visit with Jonathan Armstrong to consider some of his predictions for the rest of 2019. Even if these predictions do not become fully formed, you should consider them in light of your data privacy/data protection policies and protocols. Some of the issues and highlights are:

  1. Drones: what are the GDPR implications?
  2. The number of data breach notifications under GDPR. Through the end of January there were over 42,000 in the EU alone.
  3. Will AI and self-driving cars follow the rules on safe driving standards, or will there be new rules for the road?
  4. What will be the effects of data, big data and AI in elections going forward? What will be the fallout from Cambridge Analytica going forward?
  5. How will businesses respond to the industrialization of internet crime? What happens when there is a Zero-Day exploit?
  6. Cybersecurity insurance. Will standard insurance rules and regulations apply, or will new policy language be drafted for such coverage?

For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

In this episode, I visit with Jonathan Armstrong on the recent UK court of appeals decision in the Morrisons case. This decision stretched the limits of vicarious liability for a corporation to the absolute breaking point and has significant implications in the broader data privacy/data protection space. Jonathan and I go full lawyer-geek to discuss the legal theories, underlying facts and what it all may mean. Some of the issues and highlights are:

  1. The case is instructive for how to do (or perhaps not do) regular business under GDPR on data privacy.
  2. If a file is too large to email, it presents a higher data protection risk and must be so managed.
  3. Should you do risk assessments on individual employees around data privacy-data protection?
  4. How can vicarious liability exist for ultra vires conduct by an employee?
  5. How do you properly scope an investigation to ascertain an individual’s mindset?
  6. A company must require its vendors to exercise appropriate data protection and control.
  7. Will Morrisons apply to the UK Supreme Court for relief?

For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

In this episode I visit with Jonathan Armstrong on the recent fine levied by British regulators against the insolvent institution Cambridge Analytica for violations of the British privacy law which was in place before GDPR went live. The case involved Cambridge Analytica denying aggrieved parties subject access requests and associated rights. Some of the issues and highlights are:

  1. The case demonstrates how not to interact with regulators as Cambridge Analytica’s pleadings were unnecessarily demeaning.
  2. The settlement with the company left open the possibility of criminal charges against individuals.
  3. How wide is the jurisdiction of the ICO? This case tested the limits.
  4. Always remember data subjects have rights.
  5. What are the key takeaways on the case?
  6. A vigorous defense of a civil action can lead to higher regulatory fines.
  7. What does a corporate regime change mean for regulatory enforcement?

For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

In this episode I visit with Jonathan Armstrong and André Bywater on the recent fine levied by the French Data Privacy regulator CNIL against Google for violations under GDPR. Some of the highlights are:

  1. The case is the first major GDPR fine against a US company.
  2. It demonstrates the lack of forum shopping available to US companies which are looking for a softer regulatory approach.
  3. How did the regulators investigate, review and assess a fine and penalty so quickly, as GDPR only came into effect last May?
  4. What were the two bases of the legal violations under GDPR?
  5. What are the key takeaways on the case?
  6. How was the quantum amount determined? Is it reasonable?
  7. Will Google appeal to the European Court of Justice?

For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

In this episode I visit with Jonathan Armstrong on the topic of class action lawsuits involving data privacy and GDPR. Some of the highlights are:

  1. Key differences in UK/EU and US class actions.
  2. We take a deep dive into the Morrisons data breach.
  3. Why Data Privacy Impact Assessments are critical for companies and their vendors.
  4. How can risks change and be modified during the term of an employee’s work life?
  5. What is the state of class action litigation in the EU?
  6. What does all of this mean for US companies trying to get data out of the UK and EU?

For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.