A new Federal Communications Commission settlement with T-Mobile who has suffered multiple data breaches requires the major carrier to upgrade its business practices. 

The full implications of the recent case are outlined in the commission's statement that accompanied the settlement, where the FCC indicated that the extensive cybersecurity measures T-Mobile agreed to will "serve as a model for the mobile telecommunications industry." 

In April of this year, a bipartisan group of lawmakers introduced the American Privacy Rights Act (APRA) to establish comprehensive national standards national framework for data privacy in the United States. APRA aims to unify data privacy standards across the country.

Five police officers in Nelson, B.C. have just launched a constitutional challenge in the B.C. Supreme Court claiming that their privacy rights were violated during an investigation into their WhatsApp messages. They were accused of swapping inappropriate content on their personal smartphones.

Ticketmaster acknowledged in May that hackers stole 560 million customers’ data for ransom. In a a U.S. Securities and Exchange Commission filing on May 20th, the company confirmed unauthorized activity. Ticketmaster’s parent company, Live Nation Entertainment, said it had “identified unauthorized activity within a third-party cloud database environment.”

The FTC recently announced that it is referring its investigation into TikTok to the Justice Department, with allegations that the social media app is violating children’s privacy regulations.

On May 15, 2024, the government of Quebec published the final version of the Regulation respecting the anonymization of personal information  (Anonymization Regulation), which establishes requirements for organizations subject to Quebec’s Law 25, that amends Quebec’s Act respecting the protection of personal information in the private sector (Quebec Privacy Act).

On May 17, 2024, Governor Jared Polis signed the Colorado Artificial Intelligence Act (SB 24-205) (CAIA), regulating the development, deployment, and use of artificial intelligence (AI) systems.

In the Supreme Court of Canada’s March 2024 decision R. v. Bykovets, 2024 SCC 6, Internet protocol (“IP”) addresses were found to attract a reasonable expectation of privacy under section 8 of the Canadian Charter of Rights and Freedoms (“Charter”).

On April 2, 2024, the California Privacy Protection Agency issued its first Enforcement Advisory 2024-01, reminding businesses that data minimization is a foundational principle of the California Consumer Protection Act (CCPA).

The de-identification of personal data and the myriad of methods and algorithms that can be applied to data has received significant attention in the past year.

The second enforcement action publicly announced since the California Consumer Privacy Act (CCPA) took effect in January 2020 involved food delivery company DoorDash, who agreed to pay a $375,000 fine as part of settlement announced by the California Attorney General. The first action against Sephora involved a $1.2 million penalty in August 2022.

In an article published by the Association of Corporate Counsel, I discuss the delicate relationship between privacy oversight and the role of the in-house lawyer. This blog post summarizes the interview.

Here's a look at the major AI events of 2023, what may come in 2024, and some practical tips for responding to the challenges and opportunities that lie ahead…

Artificial intelligence technology matured significantly in 2023, resulting in a flood of laws and standards in an attempt to regulate it. In Canada, September saw the Minister of Innovation, Science and Industry release a “Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems”.

In an era dominated by digital interactions and evolving privacy compliance requirements,…

On July 10th, the European Commission issued an adequacy decision for the EU-US Data Privacy Framework, signaling that the United States provides an adequate level of protection for personal data transferred from the EU to US companies, if those companies have self-certified and adhere to certain Data Privacy Framework Principles.

PIPEDA Findings # 2024-001, released on February 29, 2024, involving MindGeek’s consent confirmation processes provides an important reminder of the importance of ensuring consent of a data subject before their sensitive information will be disclosed.

Next week I deliver in-depth privacy training to prepare individuals for their IAPP CIPP/C exam and we’ll definitely be discussing federal Bill C-27.

Privacy breach management and reporting is certainly receiving a great deal of attention in Canada. As of February 1st, 2023, public bodies in B.C. are now required to report privacy breaches to the Information and Privacy Commissioner of British Columbia if the breach could be expected to result in significant harm.

Recent privacy concerns regarding Home Depot’s sharing of personal data between 2018 and October 2022 with Meta, which operates social media giants Facebook and Instagram is clearly a widespread issue that has alarmed privacy regulators and the public.