Data Security

My Friends Call Me Murphy … You Call Me RoboCall

Pesky telemarketing calls that plagued consumers in the 1990s were severely reined in through a combination of technology, such as caller ID, and legislation, such as the Telephone Consumer Protection Act of 1991 (“TCPA”). The TCPA regulates unsolicited marketing activities directed at residential telephones, including land lines and mobile phones by voice call or text. Among other things, the TCPA, as amended over the years:

  1. Established the national Do Not Call registry whereby consumers may register their numbers and organizations may be fined for directing unsolicited marketing activities to those registrants’ phones;
  2. Restricts the time periods during which unsolicited marketing calls and texts may be sent;
  3. Prohibits the use of pre-recorded phone contacts, such as robocalls and robotexts; and
  4. Prohibits the use of automated dialing technologies, such as autodialers.

Importantly, there are several phone and text activities that are exempt from TCPA regulation. Unsolicited marketing contact by phone from charities, political groups, debt collectors, surveys, and companies the recipient has either recently done business with or has given written permission may be exempted from certain TCPA regulations. In addition, if the nature of the unsolicited contact is not to market goods and services to consumers, it would not run … Keep reading

Less Than Two Months Until New Chinese Data Security Law Goes Into Effect

Earlier this June, China passed the Data Security Law (“DSL”), which will go into effect on September 1, 2021. Unlike many international data security laws, the DSL is not restricted to personal information and instead regulates data broadly to include any record of information in electronic or other forms. However, consistent with many international privacy and data security laws passed post-GDPR, the DSL will have extraterritorial reach.

Specifically, the DSL applies not only to processing personal data within China but also to any personal data processing activities that occur outside of China that threaten Chinese national security, public interest, or the lawful interests of its citizens or organizations. If this describes something your organization engages in, here are the top operational requirements covered by the DSL:

  1. Establish a data security management system across the organization. This should include providing data security training, implementing appropriate measures to safeguard data, and designating a data security officer if the organization processes important data.
  2. Actively monitor data security risks. When a risk is discovered, such as data security defects or leaks, the organization must take immediate remedial actions. When a data security incident occurs, the organization must immediately take responsive measures, notify users,
Keep reading