
Policy Patty Toolkit 
 

Making the world a little more compliant one toolkit at a time.

Blog

California Has a New Consumer Privacy Law

Posted on July 1, 2018 at 11:55 AM

The California Consumer Privacy Act initiative was approved on June 28, 2018. Some of the rights consumers will have as a result of this important law:

• Right to know all data collected by a business on you

• Right to say NO to the sale of your information

• Right to DELETE your data

• Right to be informed of what categories of data will be collected about you prior to its collection, and to be informed of any changes to this collecti...


City of Chicago Issues New Data Protection Ordinance

Posted on June 18, 2018 at 1:25 PM

The City of Chicago recently introduced the Personal Data Collection and Protection Ordinance (“the Ordinance”) requiring: (1) prior opt-in consent from Chicago residents to use, disclose or sell their personal information; (2) notice to affected Chicago residents and the City of Chicago in the event of a data breach; (3) registration requirements for businesses that qualify as “data brokers”; (4) specific notification to mobile device users for location services; and ...


GDPR is Here

Posted on May 24, 2018 at 8:50 AM

The EU's General Data Protection Regulation (GDPR) takes effect today (May 25th Compliance Date). If your organization is subject to these sweeping data protection requirements on processing personal data, it should be following a plan to address the regulation's requirements. In sum, these include:

• Application of the regulation to your organization (what applies to determine priorities and focus)

• Project team and project plan to coordinate efforts

• Da...


GDPR: WP29 Updated Guidance on Consent

Posted on April 18, 2018 at 2:30 PM

The Article 29 Working Party (WP29) has issued its guidance on consent requirements under the EU’s General Data Protection Regulation (GDPR). While much remains the same as the previously-issued draft guidance, some aspects have changed.

The GDPR defines ‘consent’ as:

‘any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the pr...


FINRA Investor Alert - Know Before You Share: Be Mindful of Data Aggregation Risks

Posted on March 29, 2018 at 1:45 PM

FINRA issued an Investor Alert to help consumers consider the risks of sharing personal financial account information and other sensitive information with data aggregators. These companies offer financial data aggregation services that put information about financial holdings, typically in a personal financial management hub or portal. The data used to create these reports come from consumers, who usually agree to provide the aggregator with the login information for all of their financia...


PayPal settles with the FTC over alleged Venmo disclosure failures

Posted on February 28, 2018 at 12:50 AM

The Federal Trade Commission (FTC) settled with PayPal, Inc. over allegations that:

• the company told users of its Venmo peer-to-peer payment service that money credited to their Venmo balances could be transferred to external bank accounts without adequately disclosing that the transactions were still subject to review and that funds could be frozen or removed;

• Venmo

o misled consumers about the extent to which they could control the privacy of their transac...


FTC Staff Perspective Recaps Workshop Examining Privacy, Security Issues Related to Connected Cars

Posted on January 15, 2018 at 9:50 AM

The Federal Trade Commission’s Bureau of Consumer Protection detailed the key takeaways from the June 28, 2017, workshop the Commission co-hosted with the National Highway Traffic Safety Administration focused on privacy and security issues related to connected cars.

The notice summarizes important themes from the discussion by panelists at the full-day workshop. This included various issues related to connected and automated vehicles that collect data. They include:

•...


Identity Theft Guidance from the FTC

Posted on December 19, 2017 at 12:35 AM

The guidance from the Federal Trade Commission (FTC) covers the Fair Credit Reporting Act (FCRA) Section 609(e). This section, sometimes called “the business records turnover provision,” requires you, among other things, to provide identity theft victims – or law enforcement at the victim’s request – with a copy of records relating to the theft. This information must be provided:

• following a written request from an identity theft victim;

•...


A Guide to the role of the Data Protection Officer

Posted on October 19, 2017 at 7:10 PM

The attached blog provides a good overview of the role of the Data Protection Officer (“DPO”) associated with the EU General Data Protection Regulation (“GDPR”). Some EU data protection laws do require this role, but finally, the adoption of new rules relating to Privacy Seals by the French Data Protection Authority (CNIL) harmonizes varying requirements. The blog provides the following:

• mandate or legislate for the appointment of the DPO, for example, Ger...


FTC issues guidance for small businesses on data safeguards

Posted on October 12, 2017 at 7:55 AM

The FTC issued a series of guidance on how small businesses can protect their data from deletion, hacking, or theft. The information is issued as part of overall efforts to promote awareness during National Cybersecurity Awareness Month. The effort is designed to give access to the resources the FTC has to help you and your employees understand cybersecurity, maintain your business’s computer networks safely, and keep sensitive information protected.

This guidance includes:

...
