With the EU General Data Protection Regulation (GDPR) looming for organizations that process the data of European citizens, compliance is top-of-mind for multinationals doing business in Europe. The enforcement date for GDPR compliance is May 25, 2018. According to a PwC survey of C-suite executives of certain large U.S. multinationals, more than half of the companies surveyed said GDPR is their top data-protection priority and 77% plan to spend $1 million or more on GDPR compliance.
Effective immediately, federal contractors will need to comply with privacy training rules intended to ensure that their workforces protect personally identifiable information. As of January 19, 2017, federal contractors will need to follow a five-step plan to comply with the new rules issued by the Department of Defense, General Services Administration, and National Aeronautics and Space Administration.
This is the first post in a three-part series.
May 25, 2018. If you are a company that comes into contact with European data, whether you are operating in Europe or elsewhere, and you have not taken note of this date yet, you should. That is when Europe’s new data protection framework – the General Data Protection Regulation (GDPR) – will enter into force, replacing Data Protection Directive 95/46/EC (the “Directive”).
Following this summer’s vote to leave the European Union, the wider implications of Britain’s decision to break from the EU continue to be felt as governments, businesses, and private citizens look to forthcoming negotiations. Unfortunately, it appears that definitive answers to the questions raised by the vote may not be forthcoming for some time following Theresa May’s October 2 announcement that she plans to trigger Article 50, setting in motion negotiations regarding Britain’s departure, by March 2017. One area up for consideration will likely be the issue of data privacy and whether the UK will create its own privacy rules or follow the lead of the EU in implementing the General Data Privacy Regulation (GDPR). Generally speaking, this law, slated to take effect in May of 2018, will limit the amount and type of data on EU citizens which may be gathered and shared. Interestingly, however, May’s announcement comes just days after the newly appointed head of the Information Commissioner’s Office (ICO), Elizabeth Denham, stated that Britain should follow the GDPR regime. During an interview with the BBC, Denham made her sentiments clear, stating “I don’t think Brexit should mean Brexit when it comes to standards of data protection…In order for British businesses to share information and provide services for EU consumers, the law has to be equivalent.”
Last Friday, Snapchat (which recently changed its name to Snap, Inc.) announced the coming release of its newest product: “Spectacles” - brightly colored, fun-looking sunglasses with a built-in camera that records videos in 10-second increments (which can be combined to form a video of up to 30 seconds in length) with the touch of a button. The videos can be stored in the sunglasses until a later time or uploaded to the user’s phone for immediate sharing with friends. The glasses are expected to retail for $130, which is only about one-tenth the price of the virtually defunct Google Glass, making Spectacles a product likely to be much more accessible to the average employee. Why does this matter to employers? Because it’s the latest challenge to companies striving to implement more secure data protection and privacy protocols in the workplace.
UK Data Protection Rules remain despite Brexit vote
The Equal Employment Opportunity Commission recently issued final regulations regarding employer wellness programs under GINA and the ADA.
On May 4, 2016, the White House released a report entitled “Big Data: A Report on Algorithmic Systems, Opportunity, and Civil Rights” to herald its focus on discrimination in “big data” assisted personnel screening algorithms. While the statement was too vague to inform the public of any new enforcement policy or the degree of sophistication with which such a policy might be enforced or even what institution will bear the burden of remedying the perceived issues, it is clear that the intended scope is expansive.
In February 2016, President Barack Obama directed his Administration to implement a Cybersecurity National Action Plan (CNAP) that “takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.” (Fact Sheet: Cybersecurity National Action Plan, 2/9/2016) As part of that plan, the President highlighted the STOP. THINK. CONNECT. campaign, a global cybersecurity awareness campaign appealing for individuals to play a more significant role in Internet and network security.
Another new phishing scheme has tricked numerous employers into disclosing highly sensitive employee information. In the wake of tax season, spoofing emails were sent to payroll and human resource personnel at various companies. The emails, appearing to be requests from upper-level company officials, including in some instances the companies’ CEOs, requested employee W-2 tax forms that contain Social Security numbers and other personally ...