Privacy Compliance & Data Security Blog

Odia is a frequent contributor to the firm's Privacy Compliance & Data Security blog, writing regularly on a wide variety of emerging international data privacy and cybersecurity issues. Topics include the European Union's General Data Protection Regulation, the California Consumer Privacy Act and Pacific Rim data privacy initiatives.

Read Odia's most recent posts below or view a complete list of all her articles.

Recent Blog Posts

  • Hungary Offers Employers a GDPR Compliance To Do List for Processing Data in the Pandemic Hungary’s Data Processing Authority offers a GDPR compliance to do list for employers. Collect and process only what you need  Abide by the emergency laws  Devise a pandemic contingency plan  Adopt full transparency Read my detailed analysis on the Hungary Nemzeti Adatvédelmi és Információszabadság Hatóság guidance.... More
  • FCC: Auto-Dialed Calls, Texts on Coronavirus Health and Safety Exempt From Consent Requirements The Federal Communications Commission clarifies that auto-dialed calls and SMS messages regarding COVID-19 are exempted from Telephone Consumer Protection Act (TCPA) consent requirements. Efforts to slow the spread of the disease depend on effective communications about measures to mitigate transmission of the illness, as well as other health and safety information. Automated calls to wireless numbers made necessary by imminent danger including “health risks” affecting health and safety are made for an emergency purpose and do not require prior express consent to... More
  • Global Privacy Assembly: Possible to Fight COVID-19 and Protect Privacy The Executive Committee of the Global Privacy Assembly (GPA) weighs in on data privacy and the coronavirus pandemic. The universal data protection principles in all our laws will enable the use of data in the public interest and still provide the protections the public expects. Data protection authorities stand ready to help facilitate swift and safe data sharing to fight COVID-19. Health data is considered sensitive across many jurisdictions, but work between data protection authorities and governments means we have already seen... More
  • COVID-19 May Delay Implementation of Brazil’s Data Protection Regulations Brazil may delay implementation of its LGPD data protection regulations beyond the August 2020 go live date. “The COVID-19 crisis will likely result in the postponement of the go-live date for Brazil’s general data protection regulations. According to industry observers, the pandemic is seen as a fair justification to delay the go-live date for the regulations, which are due to be enforced in August 2020.” According to Brazilian privacy lawyer and member of the education advisory board at the International Association of... More
  • CA Privacy Expert Suggests CCPA Enforcement Should be Delayed Santa Clara University professor and privacy law expert Eric Goldman says CCPA enforcement should be delayed. “The DOJ should relax the July 1, 2020 enforcement date. California has declared a state of emergency and is on indefinite lockdown due to COVID-19. This is not business as usual” – says Goldman. “These circumstances significantly hamper businesses’ ability to respond to the constantly-changing requirements of the draft regulations. Due to illness or layoffs, some businesses will not have employees available to implement the new... More
  • Canada Data Privacy Regulator: Limited Circumstances Allow Data Collection Without Consent Canada’s Office of the Privacy Commissioner weighs in on data processing under COVID-19: “There are some circumstances under which organizations may collect, use or disclose personal information without consent, including: Collection in the interests of the individual and consent cannot be obtained in a timely way, e.g. critical illness. Collection and use for making a disclosure required by law, e.g. public health authority requires it. Disclosure requested by a government institution under a lawful authority to obtain the information and is for the purpose... More
  • European Data Protection Supervisor: Pandemic Raises Fundamental Rights Questions The European Data Protection Supervisor weighs the impact of the COVID-19 on future data protection strategy and fundamental rights. “Covid-19 is a game changer. Thinking about the EDPS’ strategy for the next five years, we have to look again at our text. Whatever happens in the next few weeks, we know the words will not be the same. We will all be confronted with this game changer in one way or another. And we will all ask ourselves whether we are... More
  • Data Access Requests in the Age of COVID-19, Guidance from Ireland Ireland’s Data Protection Commission weighs in on the issue of COVID-19 and data access requests: “The Data Protection Commission acknowledges the significant impact of the Covid-19 health crisis which may affect organisations’ ability to action GDPR requests from individuals, such as access requests. While the statutory obligations cannot be waived, should a complaint be made to the DPC, the facts of each case including any organisation specific extenuating circumstances will be fully taken into account.” Organizations should: communicate with individuals about the handling of... More
  • NYDFS Extends Cybersecurity Compliance Deadline Due to COVID-19 Pandemic Coronavirus and Data Protection: New York Department of Financial Services had extended the deadline for compliance with its cybersecurity requirements. The Superintendent of Financial Services of the State of New York recognizes that COVID-19 may present compliance challenges for certain regulated entities and persons in meeting their legal obligations. Therefore the deadline for submission of Certifications of compliance with cybersecurity requirements, and transaction monitoring and filtering programs, is extended by 45 days from the original due date. Several other deadlines were extended as... More
  • Could COVID-19 Delay CCPA Enforcement? Should enforcement of the California Consumer Privacy Act be delayed? The current outbreak of COVID-19 warrants delaying enforcement of California’s new privacy law to January 2021, dozens of organizations say in a letter sent this week to state Attorney General Xavier Becerra. “Now is not the time to threaten business leaders with premature CCPA enforcement lawsuits,” the organizations write. “A temporary deferral in enforcement of the CCPA would relieve many pressures placed on organizations due to COVID-19 and would better enable business... More