In my legal work for clients, I’m not content with using AI-generated content.
Information Bytes
The law blog for data with people problems
Latest from Information Bytes
PII Breach Notification Laws: the seas remain choppy
As we watch the tsunami of state comprehensive consumer privacy laws now spreading from California across the U.S., it’s time to revisit the flood zone of state-level PII breach notification statutes, which also flowed forth from California back in 2002. By 2018 that wave had reached every state, along with the District of Columbia, Puerto…
Less Data is Now Even More Than Ever
In the real world, what to do has never been as impactful as why to do it. For the 2020s, the newest impetus for managing information retention and disposal is crystal clear – data privacy and security compliance…
Less Data #6: Explosion of new state consumer privacy laws compels deletion of unnecessary data
We’re witnessing a “rapid, unscheduled disassembly” (thanks SpaceX) of comprehensive consumer privacy laws across the United States. While these new state laws generally have a different, sleeker structure than California’s CCPA/CPRA, they share a similar impact – each such law incents covered businesses to delete unnecessary data.…
Less Data #5: With CPRA, California doubles down on deleting unnecessary data
Last month California finalized its updated regulations under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). With the CPRA, California has upped the ante on requiring data retention schedules and disposal of unnecessary data.
As always, to fully appreciate where we are, we need to remember from where…
Less Data #3: New FTC enforcement actions require retention schedules and data disposal
We’ve already seen how new FTC regulations for GLBA-regulated financial institutions require retention schedules and disposal of unnecessary data as essential data security controls. The FTC is now also taking that position for all businesses under Section 5 of the FTC Act, as seen in a slew of recent FTC data security enforcement actions.
Two…
Less Data #2: New FTC Safeguards Rule requirements for data disposal
The FTC has updated its data security regulations for the financial institutions it regulates under the Gramm-Leach-Bliley Act (GLBA). The FTC’s revised requirements for information security programs, effective June 1, 2023, will now mandate data retention policies and disposal of unnecessary customer information.
To appreciate what this means, we must take a quick look at…
Why govern our information? Reason #3: “Your” data may actually belong to others … and you’re responsible to take care of it.
As you toss and turn in bed, you picture yourself on a strange playing field with other athletes swirling around you. You have absolutely no idea what sport you are playing, nor a clue what the rules are. It all feels beyond embarrassing, and downright dangerous.
This is not just a bad dream – it’s…
Why govern your information? Reason #3: “Your” information may belong to others … and you’re responsible to take care of it.
It’s a common nightmare. As you toss and turn in bed, you picture yourself on a strange playing field with other athletes swirling around you. You have absolutely no idea what sport you are playing, nor a clue what the rules are. It’s not only embarrassing – it’s downright dangerous.
This is not just a…
Equifax breach – the good, the bad, and the ugly
The aftermath of the Equifax breach continues. First, the Ugly:
Music Major? Really?
The hoi polloi apparently find it offensive that Equifax’s Chief Security Officer, fired in the breach’s wake, had a music degree. The implication is that someone formally trained long ago in music is clearly incompetent to have a career in IT or Infosec,…