Wednesday, March 24, 2021

The trick is, you have to have a ‘best practices’ level plan AND you have to follow it.

https://www.jdsupra.com/legalnews/utah-becomes-the-second-u-s-state-to-7031711/

Utah Becomes the Second U.S. State to Establish Affirmative Defenses for Data Breach

In enacting the Cybersecurity Affirmative Defense Act, HB80, (Act) on March 11, 2021, Utah became the second state in the U.S. to create affirmative defenses for “persons” to certain causes of action arising out of a breach of system security.

The Act establishes the following three (3) affirmative defenses to tort-based claims brought under Utah law in a Utah state court:

  • A person that creates, maintains, and reasonably complies with written industry-recognized cybersecurity regulations that were in place at the time of the breach has an affirmative defense to a claim that the person failed to implement reasonable information security controls that resulted in the breach;

  • A person that creates, maintains, and reasonably complies with their program and also had in place protocols for responding to a breach of system security at the time of the breach has an affirmative defense to a claim that the person failed to appropriately respond to a breach of a security system; and

  • A person that creates, maintains, and reasonably complies with their program and also had in place protocols for notifying an individual about a breach at the time of the breach has an affirmative defense to a claim that the person failed to appropriately notify an individual whose personal information was compromised in a breach of a security system.





About time.

https://www.pogowasright.org/colorado-joins-list-of-states-proposing-privacy-laws/

Colorado Joins List of States Proposing Privacy Laws

Odia Kagan of FoxRothschild writes:

Colorado has introduced the “Colorado Privacy Act” bill (SB21-190).
Key things to note:
  • Recital notes that the “EU GDPR is emerging as a model for countries across the globe in data privacy.”
  • Consumer rights: access, correction, deletion, data portability and right to opt out of general collection and use of personal data not just use for sale.
  • Opt-in consent for processing sensitive data.
  • Affirmative obligation for information security.
  • Requirement for clear, transparent privacy disclosure.
  • Requirement for data protection assessments (for targeted advertising, sale, sensitive data).
  • Enforcement by AG.
  • Definition of “consent” modeled after Article 7 of GDPR.
  • Different definition of “de-identified data” which is similar to that under HIPAA.
  • Processing must be necessary, reasonable and proportionate to the specific purpose disclosed.
  • Controller is liable for a processor’s actions.
  • Requirement for controller/processor agreement but no specifics.

Read the full text of the bill.





The future law of the workplace?

https://www.vice.com/en/article/dy8n3j/amazon-delivery-drivers-forced-to-sign-biometric-consent-form-or-lose-job

Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job

Amazon delivery drivers nationwide have to sign a "biometric consent" form this week that grants the tech behemoth permission to use AI-powered cameras to access drivers' location, movement, and biometric data.

If the company’s delivery drivers, who number around 75,000 in the United States, refuse to sign these forms, they lose their jobs. The form requires drivers to agree to facial recognition and other biometric data collection within the trucks they drive.





...if you want to do business in Virginia.

https://www.huntonprivacyblog.com/2021/03/23/webinar-on-virginias-consumer-data-protection-act/

Webinar on Virginia’s Consumer Data Protection Act

On March 30, 2021, Hunton Andrews Kurth will host a webinar examining Virginia’s new Consumer Data Protection Act.





Speaking of privacy.

https://www.huntonprivacyblog.com/2021/03/13/edpb-releases-guidelines-on-virtual-voice-assistants/

EDPB Releases Guidelines on Virtual Voice Assistants

On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems. These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service. These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive.





Interesting how the timing of one law impacts the utility of another.

https://fpf.org/blog/the-right-to-be-forgotten-is-not-compatible-with-the-brazilian-constitution-or-is-it/

THE RIGHT TO BE FORGOTTEN IS NOT COMPATIBLE WITH THE BRAZILIAN CONSTITUTION. OR IS IT?

The Brazilian Supreme Federal Court, or “STF” in its Brazilian acronym, recently took a landmark decision concerning the right to be forgotten (RTBF), finding that it is incompatible with the Brazilian Constitution. This attracted international attention to Brazil for a topic quite distant from the sadly frequent environmental, health, and political crises.

The fact that the RTBF has been predominantly analyzed and discussed through the European lenses does not mean that this is the only possible perspective, nor that this approach is necessarily the best. In fact, the Brazilian conception of the RTBF is remarkably different from a conceptual, constitutional, and institutional standpoint. The main concern of the Brazilian RTBF is not how a data controller might process personal data (this is the part where frustration and disappointment might likely arise in the reader) but the STF itself leaves the door open to such possibility (this is the point where renewed interest and curiosity may arise).





Makes perfect sense to me.

https://www.cpomagazine.com/data-privacy/todays-cpo-tomorrows-general-counsel/

Today’s CPO, Tomorrow’s General Counsel

The future belongs to those who understand data. Nowhere will this adage be truer than in the General Counsel’s office. As data privacy is reaching the fore of consumer consciousness, and as the United States inches toward a possible federal data privacy law, an increasing number of Chief Privacy Officers are being tapped for the ultimate legal hot seat: the General Counsel spot.





Thinking ahead?

https://www.lexology.com/library/detail.aspx?g=c773be0f-6e4a-4ed1-911d-d8fdfca1c1d0

Protecting Privacy in the Era of AI

This article was originally published in the Canadian Bar Association's periodical, National Magazine, on March 16, 2021.

When it introduced its new privacy bill, the federal government took its first major step in modernizing the regulation of artificial intelligence in Canada.

Bill C-11, tabled in November 2020, will, among other things, create a new Consumer Privacy Protection Act (CPPA), which contains a novel addition to Canadian privacy law: the right to an “explanation” concerning decisions made by an automated decision system. It’s a welcome measure, but the government must now give organizations better guidance on what constitutes a meaningful explanation.

Under section 63(3) of the CPPA, individuals have a right to an explanation about the use of an automated decision system to make a prediction, recommendation or decision about them and how their personal information was used in the process.

“Automated decision system” means “any technology that assists or replaces the judgement of human decision-makers using techniques such as rules-based systems, regression analysis, predictive analytics, machine learning, deep learning and neural nets.”





Right now, it’s at the level of a one celled organism.

https://www.itproportal.com/features/data-privacy-must-evolve-in-an-ai-centric-world/

Data privacy must evolve in an AI-centric world

… In the end, a best practice approach to Secure AI requires an organization to identify and define the end-to-end process for collecting data; building and deploying AI platforms that can use protected sensitivity of data; and developing an IT framework that ensures data in motion can remain protected and anonymized when necessary. This need extends to websites, apps, devices, and other systems. Likewise, it’s vital to keep an eye on what changes as various data sources and models change—and impact one another.

Finally, there’s a need to know that specific tools protect data across an ecosystem. This includes multi-cloud and hybrid-cloud environments (including containers and migrations that occur within clouds); AI protection solutions that anonymize, de-identify, or tokenize data and access; encryption methods such as homomorphic encryption that can hide the actual data even while it’s being analyzed; policy enforcement frameworks that support initiatives like GDPR and the California Consumer Privacy Act; and robust privacy reporting and auditing tools to ensure that systems are performing as expected.





Let’s hope we’re not “shut-ins” long enough to read all of these!

https://www.bespacific.com/open-syllabus-project-visualizes-the-1000000-books-most-frequently-assigned-in-college-courses/

Open Syllabus Project Visualizes the 1,000,000+ Books Most Frequently Assigned in College Courses

Open Culture - “The Prince, The Canterbury Tales, The Communist Manifesto, The Souls of Black Folk, The Elements of Style: we’ve read all these, of course. Or at least we’ve read most of them (one or two for sure), if our ever-dimmer memories of high school or college are to be trusted. But we can rest assured that students are reading — or in any case, being assigned — these very same works today, thanks to the Open Syllabus project, which as of this writing has assembled a database of 7,292,573 different college course syllabi. Greatly expanded since we previously featured it here on Open Culture, its “Galaxy” now visualizes the 1,138,841 most frequently assigned texts in that database, presenting them in a Google Maps-like interface for your intellectual exploration…”





Tools.

https://www.freetech4teachers.com/2021/03/forky-simple-mind-mapping-tool.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+freetech4teachers/cGEY+(Free+Technology+for+Teachers)

Forky - A Simple Mind Mapping Tool

Forky is a new mind mapping tool that fits into the category of simple but effective.

Forky is a free mind mapping tool that focuses on just connecting text boxes. As you'll see in this video, all that you have to do to make a mind map with Forky is to double-click on the screen then start typing in the text box that appears when you double-click. To add a new connected idea just hit the tab key on your keyboard and a new text box appears for you to type in. If you want to create a new text box that isn't connected to a previous one, just double-click somewhere else on your screen. You can make connections between boxes after they're written by simply holding the shift key while clicking on one box then another.

Forky doesn't include support for inserting images, video, or any other media. It's just for writing a series of connected ideas. You can invite other people to view your Forky mind maps via email.

Here's my complete video overview of Forky.


