News Alerts and Breach Report for Week of May 22, 2023

European Parliament Discusses Privacy Framework With U.S.

Members of the European Parliament (MEPs) will meet with Federal Trade Commission Chair Lina Khan last week, as part of a trip to discuss international relations with the U.S. The EU Parliament recently voted to reject the Trans-Atlantic Data Privacy Framework (DPF), which would create a legal protocol for transferring personal data between both entities, and “pertinent aspects” of the DPF will be discussed with the U.S. Department of Justice’s Data Protection Review Court and the Office of the Director of National Intelligence, according to IAPP.

Vietnam’s Data Privacy Law Will Take Effect in Seven Weeks

Last month, Vietnam issued Decree No. 13/2023/ND on the Protection of Personal Data (Decree). The Decree will take effect in just seven weeks on July 1 and will be Vietnam’s first comprehensive data privacy law. The law applies to all domestic and foreign businesses located in Vietnam or processing “basic personal data” and “sensitive personal data” in Vietnam. Specifically, “The Decree applies to (i) any Vietnamese agency, organization or individual; (ii) any foreign agency, organization or individual in Vietnam; (iii) any Vietnamese agency, organization or individual operating abroad; and (iv) any foreign agency, organization or individual that processes personal data in Vietnam.” The Decree is built around eight privacy principles: purpose limitation, data minimization, lawfulness, transparency, accuracy, confidentiality, accountability, and storage limitation classifies sensitive personal data as any “personal data that, when violated, will directly affect an individual’s legitimate rights and interests,” which includes but is not limited to individuals’ names, addresses, relationship status and sexual behavior, race, political and religious views, location information, financial and medical data, and biological characteristics. ADCG will release an explainer in the coming weeks.

Tennessee Passes Data Privacy Law

Governor Bill Lee signed the Tennessee Information Protection Act (TIPA) into law on May 11. According to JD Supra, the law, which is similar to California’s Consumer Privacy Act, affects “entities that conduct business in Tennessee or provide products or services to Tennessee residents, exceed $25 million in revenue, and control or process information of 25,000 or more Tennessee consumers per year and derive more than 50% of gross revenue from the sale of personal information; or control or process information of at least 175,000 Tennessee consumers.” TIPA does not grant consumers a private right of action in the case of violations. Rather, enforcement is handled by the Tennessee Attorney General, who must provide 60 days’ written notice of enforcement to violators, and the opportunity to cure the violation before incurring enforcement action. “If the alleged violations are not cured, the Tennessee Attorney General may file an action and seek declaratory and/or injunctive relief, civil penalties up to $7,500.00 for each violation, reasonable attorney’s fees and investigative costs, and treble damages in the case of a willful or knowing violation.” ADCG’s explainer is forthcoming.

BREACH REPORT

* * * * * * *

To read our latest article, Federal Agencies to Require New Vendor Verification Process, click here.

Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!

Our most recently released episodes:

91 | Managed Detection & Response; The Path Forward

90 | AdTech Meets Privacy Laws

89 | Quantum Technologies: What is Possible, Where We Are Headed & Policy Issues to Consider

To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.

Previous
Previous

Federal Agencies to Institute New Vendor Verification Process

Next
Next

This New Cryptography Tool Could Ease Compliance Burdens, Part II: Three Ways NTT’s Cryptography Research Could Aid Data Privacy Compliance