Exterro's Legal GRC Breakdown

Get your daily dose of news, best practices, and technology from Exterro's e-discovery, privacy, and digital forensics experts here.

4 Tips for Keeping Up with State Privacy Laws

Created on September 12, 2023

Director of Marketing, Privacy

Today’s privacy landscape is more complex than ever. As of late summer in 2023, five states have privacy laws in effect, with eight more set to roll out over the next two and a half years. In addition, another five states have active bills that could become law. These laws have different provisions governing to whom they apply, what rights consumers have, and what businesses’ obligations are. Complying with this fragmented patchwork of laws is rapidly becoming untenable—if it isn’t already impossible.  These forthcoming state frameworks may exert pressure on the... Read More

What Is the Global Privacy Control--and Why Does It Matter?

Created on September 6, 2023

Director of Marketing, Privacy

What Is the Global Privacy Control (GPC)? The Global Privacy Control is an update to the "Do Not Track" browser signal that the ad world successfully killed 10 years ago. According to globalprivacycontrol.org, it is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification... Read More

Key Privacy Updates from Summer 2023

Created on August 31, 2023

Director of Marketing, Privacy

If there's one thing that's been true in the world of privacy over the last few years, it's that there is never a dull moment--and that certainly is the case for the summer of 2023. In terms of new laws and regulatory updates, we've seen some action internationally, but it's really paled in comparison to what is happening at the state and federal level in the US. When we look back over the last few months, though, three trends emerge as being especially important.European Privacy Regulators Define a Status Quo It makes sense... Read More

Colorado's Privacy Law Is In Effect. Are You Ready?

Created on July 14, 2023

Director of Marketing, Privacy

On July 8, 2021, Colorado became the third state with a comprehensive privacy law protecting its citizens when Governor Jared Polis signed the Colorado Privacy Act (CPA) into law. The law, which went into effect on July 1, 2023, provides several privacy rights to Colorado citizens, as well as requiring websites to have a privacy policy and imposing fines for failure to comply with its requirements. With substantial financial penalties attached, the risks of non-compliance can add up quickly.  The CPA is part of a patchwork of state laws that govern consumer... Read More

Data Privacy Alert: Brazil Announces Sanctions for Violations of LGPD

Created on April 24, 2023

Director of Marketing, Privacy

While the Brazilian General Data Protection Law (LGPD) was signed into law in 2018 and has been in effect since 2020, until recently it lacked an enforcement mechanism. In February 2023, Brazil’s Data Protection Agency (ANPD) announced the sanctions available under the law and now has the means to enforce compliance. Overview The LGPD brings 40 different laws governing personal data in Brazil under a single umbrella. It applies to at least 12,000 large companies (over 250 employees) that control or process data involving Brazilian citizens, granting them rights to confirm... Read More

Data Privacy Alert: Iowa Passes Comprehensive Consumer Privacy Law

Created on April 11, 2023

Director of Marketing, Privacy

While momentum for a comprehensive federal privacy law remains sporadic, state legislatures continue to pass privacy laws to protect their citizens. Iowa recently signed into law a comprehensive privacy law, becoming the sixth state to do so. It will go into effect on January 1, 2025. Overview On March 28, 2023, Iowa Governor Kim Reynolds signed into law Iowa Senate File 262, making Iowa the sixth US state with a comprehensive consumer privacy law, joining California, Colorado, Connecticut, Utah, and Virginia. Similar to other state laws, Iowa’s new law grants Iowa... Read More

Data Privacy Alert: Telehealth Therapy Service Latest Organization Targeted by FTC for Privacy Violations

Created on March 28, 2023

Director of Marketing, Privacy

The Federal Trade Commission continues to be a powerful force reining in privacy abuses against American consumers. In March 2023, the FTC announced a proposed $7.8 million settlement with BetterHelp, an online therapy and counseling service, for repeatedly violating its promise to consumers “not to use or disclose their personal health data.” Overview  Considering that health information, and mental health information in particular, are quite sensitive and confidential, online counseling service BetterHelp (acquired by telehealth company Teladoc in 2015) repeatedly violated its customers’ trust by disclosing said information to a variety... Read More