WHAT DO TARGET, GOOGLE, APPLE and SAMSUNG ALL HAVE IN COMMON?
If you answered multimillion-dollar fines for data privacy violations, you’d be right.
But you don’t have to be Google to face a crippling lawsuit that could threaten the future of your business.
Released in its Second Edition in October 2017 and written in accessible language by experienced US and internationally qualified professionals, DATA PRIVACY LAW: A Practical Guide (ISBN: 978-0-9995127-1-5, US$49) enables practitioners to develop a quick and comprehensive understanding of their company’s legal obligations to protect client data.
Data Privacy Law: A Practical Guide answers questions like:
- Which are the key data privacy law standard-setting bodies in the US and internationally?
- Does cross-border selling expose you to data privacy compliance risks in foreign countries?
- Can you effectively offload your legal responsibilities to protect customer data to outsourced third-party service providers like web hosts and payment processors?
- How do online marketing strategies like re-targeting affect your exposure to data privacy laws?
- What are your legal obligations after discovering a data privacy breach?
- What legal risks are involved in Web-based file sharing services like Dropbox?
- At what stage must you appoint a Data Protection Officer?
- How do you document your company’s compliance with its data privacy policy?
- … and many more
CONCRETE EXAMPLES are introduced throughout the text and are annotated to illustrate the implications of applicable laws on data privacy policies.
ESSENTIAL SUMMARIES ensure that key applicable data privacy laws of the US, Canada, EU, Australia and key emerging markets are taken into account when designing your company’s data protection policies.
We also provide specific recommended courses of action to follow to mitigate liability following a data privacy breach.
We cover both CONSUMER and COMPANY data privacy and protection rules.
If you are creating, managing or complying with data privacy policy in an organization, this book was written for you.
Data Privacy Law: A Practical Guide is co-written by:
Gwen “Wendy” Kennedy BA, JD, LLM (Cantab). Wendy is an international attorney specializing in assisting multinational enterprises in managing their global risks, particularly in relation to compliance, data privacy, and taxation. She is a former university lecturer in international law and is a qualified attorney in the US and a solicitor in the UK.
Leighton Peter Prabhu BCom MPhil (Cantab) CA CPA. Peter is a public accountant, auditor and financial advisor who has worked with clients in more than 25 countries. Peter is particularly experienced in the cross-border e-commerce sector and has worked with both startups and some of the largest international financial institutions.
Content Overview
Chapter One provides an overview of data privacy, answering a few of the more frequently asked questions, including who needs a data privacy policy, what the difference is between data privacy and data security, and where liability may arise.
Chapter Two examines data privacy laws in both the U.S. and Canada.
In Chapter Three the EU General Data Protection Regulation is introduced. The GDPR, when implemented, will be the most stringent data privacy law in the world and will form the basic tenets for most data privacy laws around the world.
Chapter Four outlines regional trends around the globe and discusses how data privacy laws differ from country to country, in some cases causing multijurisdictional conflicts.
Chapter Five examines outsourcing, business-to-business (“B2B”) issues and data breach insurance.
In Chapter Six you will find information on what to do in the case of a data privacy breach, and how to prevent incidents and reduce risks.
Chapter Seven sets out what substantive provisions should be included in a data privacy policy and how to draft a policy that conforms with the strictest data privacy laws that might be applicable to your business. It includes suggestions on how to streamline your data privacy policy to maximize compliance in jurisdictions with less rigorous laws.
DATA PRIVACY LAW: A Practical Guide
Table of Contents
Preface
Content Overview
Acknowledgements
About the Authors
Chapter One: Who Needs a Data Privacy Policy?
Introduction
What is the Difference Between Data Privacy and Data Security?
Why Do Businesses Collect Personal Information?
Is the Need for a Data Privacy Policy Urgent?
Two Case Studies: Toysmart and DoubleClick
Use of Third-Party Vendors
Who’s in Charge?
What is a Data Protection Officer?
Who Needs a Data Protection Officer?
Chapter Two: Compliance with Data Privacy Laws: A Survey of U.S. and Canadian Law
Introduction
United States Data Privacy Laws
Canadian Data Privacy Laws
Chapter Three: EU Data Protection Legislation
Introduction
EU Historical Concern for Data Privacy and Protection
The General Data Protection Regulation (“GDPR”)
The Governing Principles
Data Transfers Outside the EU
Chapter Four: Regional Trends and Multijurisdictional Conflicts
Regional Trends
Multijurisdictional Conflicts in Data Privacy Laws
Chapter Five: Outsourcing
Introduction
Use of a Cloud Service Provider to Collect, Store and Transfer Information
Data Breach Insurance
Chapter Six: Responding to an Incident
Incidence Response Timing and Process
Training
Data Retention and Disposal
Enforcement Actions
Chapter Seven: The Data Privacy Policy
Introduction
What Should Be Included in a Data Privacy Policy?
Contents
Data Classification
Combining Personal Information from Multiple Sources
Collecting and Processing Personal Information
Required Provisions
Sample Privacy Policy Template
Endnotes
How to Stay Updated
Additional readings relating to data privacy from our blog
- How do Changes to UK Consumer Law Affect E-commerce Businesses?
- Outsourcing Data Management: The Risk
- Google Facing Lawsuit for Scanning Data of Students
- Employees Need to Understand Data Security Risks
- France is finished with Big Data Privacy Violations
- New Australian Privacy Laws for Businesses: The Highlights
- Data Protection: Where does “Processing” Occur?
- A Presumption of Consent – The Cookie Conundrum
- What Can Be Learned from Google’s Missteps
- U.S. FTC Cracks Down on Customer Data Privacy Violations
- Data Privacy and Consumer Analytics
- You Don’t Need to be Target to Get Sued Over Data Privacy Violations
- 2014: Data Privacy and a Big Boon for EU Companies
- Data Privacy in the Cloud
- Should Marketing Companies Pay for the Right to Use Personal Information?
- Does One Size Fit All? Data Privacy Considerations in Global Transactions