Implementing Privacy by Design, Part 1: Understanding Personal Information

Almost every jurisdiction worldwide, whether state, provincial, or national, has enacted privacy and data security laws. At their heart, these laws are designed to set the parameters for the protection of the personal information that is being gathered by businesses. This program, taught by privacy and cybersecurity attorneys Amy Goldsmith and Federica Rigato, will review, compare, and contrast the various definitions of "personal information," "personally identifiable information," and "personal data" under several state laws, including those of New York and California, as well as under Europe's General Data Protection Regulation ("GDPR"). What personal information is being collected and processed and by whom? What are the responsibilities of the different businesses in the chain? This program will also review a model questionnaire that service companies may receive from their clients and a model audit.

Learning Objectives:

1. Discuss the various definitions of personal information

2. Evaluate state laws and learn which businesses are subject to their provisions

3. Analyze the GDPR

4. Review a model questionnaire and a model audit