Tuesday, December 24, 2024

DATA PRIVACY

Definition of ‘Data Privacy’

Data Privacy, also known as ‘Information privacy’, relates to Personally Identifiable Information (PII) and how it is acquired, managed, processed, protected and distributed by the third party to whom it has been entrusted. Thus, data privacy laws govern how those entrusted with PII use it for the purposes disclosed. Data protection, also known as ‘cybersecurity’, by contrast governs the processes for the protection of PII, and other types of proprietary data, to prevent unauthorized uses or loss.

None of the major data privacy laws actually define ‘data privacy’. Rather, they each define what information is private and how the data is to be obtained, used, stored, analyzed and/or deleted.

The additional information below is quoted from wikipedia.org

Information privacy law or data protection laws prohibit the disclosure or misuse of information about private individuals. Over 80 countries and independent territories, including nearly every country in Europe and many in Latin America and the Caribbean, Asia, and Africa, have now adopted comprehensive data protection laws. The European Union has the General Data Protection Regulation (GDPR), in force since May 25, 2018. The United States is notable for not having adopted a comprehensive information privacy law, but rather having adopted limited sectoral laws in some areas.

These laws are based on Fair Information Practice guidelines developed by the U.S. Department for Health, Education and Welfare (HEW), by a Special Advisory Committee on Automated Personal Data Systems, under the chairmanship of computer pioneer and privacy pioneer Willis H. Ware. The report submitted by the Chair to the HHS Secretary titled “Records, Computers and Rights of Citizens” (07/01/1973) proposes universal principles for the privacy and protection of consumer and citizen data:

  • For all data collected there should be a stated purpose.
  • Information collected from an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual.
  • Records kept on an individual should be accurate and up to date.
  • There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting.
  • Data should be deleted when it is no longer needed for the stated purpose.
  • Transmission of personal information to locations where “equivalent” personal data protection cannot be assured is prohibited.
  • Some data is too sensitive to be collected, unless there are extreme circumstances (e.g., sexual orientation, religion).

Recent Posts - Data Privacy

FinCEN 30th Anniversary April 25, 2020

31 U.S.C. 310 Mandate from the Congress The statute established FinCEN, the Financial Crimes Enforcement Network, within the Treasury Department, and was followed by Treasury Order No. 105-08 on April 25, 1990. 31 U.S.C. 310(b)(2) states the duties and powers of the Director are as follows: Advise and make recommendations on matters relating to financial [...]

9 Best Practices for the SaaS Agreement

This article is part of the Action Cyber Times™ Series on Agreements for Information Technology and Transactions. The SaaS (Software as a Service) is a services agreement, not a software license, by third-party vendors to provide their particular proprietary software functionality from a remote server to a client via a data connection. As with most [...]

8 Best Practices for a Master Services Agreement in Information Technology

MSA and SaaS / IaaS / PaaS / TaaS / XaaS Agreements This article is part of the Action Cyber Times™ Series on Agreements for Information Technology and Transactions. 8 Best Practices for a Master Services Agreement cover the terms and conditions for the services from a SaaS (Software as a Service) provider, with a [...]

SEC Regulations for Data Security and Disclosures

This article is part of an Action Cyber Times™ series on Cybersecurity Risk Management. The series reviews relevant issues regarding cybersecurity compliance and enforcement.   SEC Statement and Guidance on Public Company Cybersecurity Disclosures Rules and Regulations in the SEC arsenal.  See SEC Release Nos. 33-10459 and 34-82746, published at 83 Federal Register 38 pp 8166-8172 [...]

SEC Enforcement of ICOs 2018-2019

2019 for ICOs and Cybersecurity were addressed in the December 6, 2018, speech by Chairman Jay Clayton, "SEC Rulemaking Over the Past Year, the Road Ahead and Challenges Posed by Brexit, LIBOR Transition and Cybersecurity Risks": Chairman Clayton first reviewed the extensive 2018-2019 SEC regulatory agenda and projects presented in Appendices A and B, including [...]

Update: SEC Postpones VanEck SolidX CboeBZX Bitcoin Shares ETF

Crypto-Cop Conundrum > Bitcoin ETF Postponed SEC File No. SR-CboeBZX-2018-040 CboeBZX Inc Exchange Request to the SEC for trading of VanEck SolidX Bitcoin Shares December 6, 2018 - Read below to review the prior regulatory history. On September 20, 2018, the Commission instituted proceedings to approve or disapprove the proposal. In the interim, the Commission stated [...]

SEC v Mayweather and DJ Khaled

SEC Consent Orders 11/29/2018 re: In the Matter of Floyd Mayweather Jr., Respondent, Nov. 29, 2018, SEC Release No. 33-10578; Administrative Proceeding File No. 3-18906  In the Matter of Khaled Khaled, Respondent, Nov. 29, 2018, SEC Release No. 33-10579; Administrative Proceeding File No. 3-18907   Rensel et al. v. Centra Tech, Inc., et al, No. 1:17-cv-24500 (SD [...]

DOJ Indictment for the $36M SamSam Ransomware CyberAttacks

Dept of Justice, US Attorney’s Office for the District of New Jersey, Newark, NJ United States District Court for the District of New Jersey (Newark, NJ) USA v Faramarz Shari Savandi and Mohammad Mehdi Shah Mansouri, 3:18-cr-00704-BRM   Cyberattack Criminal Action: On November 28, 2018, Deputy Attorney General Rod Rosenstein, on behalf of the DOJ [...]

SEC v Colburn Consent Order (EtherDelta Exchange), File No. 3-18888

Synopsis of the Securities and Exchange Commission Proceeding and Order re: In the Matter of Zachary Colburn (EtherDelta Exchange), November 8, 2018 SEC Release No. 34-84553; Administrative Proceeding File No. 3-18888   SEC Colburn Cooperation: On November 8, 2018, the SEC issued an administrative consent ORDER instituting Cease-and-Desist Proceedings pursuant to Section 21C of the [...]

SEC Chairman Jay Clayton Fireside Chat at CONSENSUS:INVEST Nov 27 2018

CONSENSUS:INVEST 2018 Hot-Seat for SEC Chairman Clayton COINDESK has announced that SEC Chairman Jay Clayton and Federal Reserve Director Glenn Hutchins will have a one-on-one fireside conversation at the CONSENSUS:INVEST conference to be held November 27, 2018, in New York City.   CONSENSUS Broad Agenda The agenda appears to be a whirlwind of hot blockchain [...]