The Act Now Training team is really looking forward to attending the 2022 IRMS Conference in Glasgow on Sunday.
The conference brings together IG professionals and industry suppliers, where they can share best practice and contemplate innovative ways of working. The programme will include a wide range of thought-provoking keynotes, real-life case studies and interactive discussions, reflecting on the events of the previous year with a focus on learning lessons and highlighting the positive developments and innovations that have emerged in the field of information governance. Our director Ibrahim Hasan will be speaking on a panel discussing “Training for the Future” and our associates, Lynn Wyeth and Scott Sammons, are also leading some interesting workshops.
Each year the IRMS recognises excellence in the field of information management with their prestigious Industry Awards. These highly sought-after awards are presented at a glittering ceremony at the annual Conference following the Gala Dinner. In 2021 Act Now won the Supplier of the Year award.
For 2022 Act Now has been nominated for the following awards:
Team of the Year
Supplier of the Year
Innovation of the Year
If you are attending the conference, be sure to come to our exhibitor stand in the Information Market to say hello.
Act Now is delighted to announce that we will be exhibiting at the PrivSec London conference on the 4th and 5th of February 2020.
This conference will bring together privacy and security professionals from around the globe to address industry issues, challenges and opportunities. It will explore the inextricable link between data privacy and data security, providing attendees with access to first-rate content presented by a line-up of international experts. The five theatres at the event will feature talks on Data Protection, GDPR, privacy, security, governance and risk management.
We have 7 free delegate places to give away (worth £474 each).
If you would like a place, please get in touch using the contact form on our website. We will add your name to the draw which will take place on Tuesday 7th January at 11am. The winners will be announced shortly afterwards on our blog.
Act Now is in full conference mode at present. On 10th December our team were at DIGIT’s 3rd annual Data Protection Summit billed as “Scotland’s largest Data Protection and Privacy event for business”. The programme contextualised the changing Data Protection landscape, considering the business impact of the GDPR and DPA 2018 and how it is shaping policy and process in practice. The conference is run with assistance from the ICO, ScotlandIS and DMA. The conference was a huge success and our GDPR E-LEARNING stole the show. Follow this link to see a short demo.
In April, Ibrahim Hasan will travel to Las Vegas to address the 21st Annual NAPCP Commercial Card and Payment Conference. Ibrahim will be talking about the California Consumer Privacy Act (CCPA) which comes into force on 1st January 2020. It is sometimes known as the US equivalent of the General Data Protection Regulation (GDPR), and provides broader rights to consumers and stricter compliance requirements for businesses than any other state or federal privacy law.
If you are attending any of these conferences, come and say hello (and pick up a freebie!)
CCPA’s impact will not just be felt by California based businesses but businesses worldwide who process personal data about Californian consumers who will need to consider their privacy practices. With 40 million Californian residents, making up 12 percent of the US population, it is likely that most big business wherever they are based will have to comply with the CCPA.
Like GDPR, CCPA is about giving people control over how their personal data is used by organisations. It requires transparency about how personal data is collected, used and shared. It gives Californian consumers various rights including the right to:
Know and access the personal being collected about them
Know whether their personal data is being sold, and to whom
Opt out of having their personal data sold
Have their personal data deleted upon request
Avoid discrimination for exercising their rights
CCPA also includes a breach notification requirement like GDPR. A security breach involving personal data, must be notified to each individual it affects. It does not matter if the data is maintained in or outside of California.
Fines and Enforcement
Fines for breaches of CCPA include:
$2,500 for unintentional and $7,500 for intentional violations of the Act. Legal action must be brought by the California Attorney General.
$100-$750 per incident, per consumer- or actual damages, if higher – for damage caused by a data breach. Legal action may be brought by consumers.
A business shall only be in breach of the CCPA if it fails to cure any alleged violation within 30 days after being notified of the same.
While these fines may appear relatively low, it is important to keep in mind they are per violation. It is not uncommon for a privacy incident to affect thousands or tens of thousands of consumers, in which case these fines could reach the hundreds of thousands or millions of dollars.
A Federal Privacy Law?
CCPA represents the first real, comprehensive privacy legislation in the U.S. It will, no doubt, form the foundation for other state privacy regulations in the future, and quite possibly a U.S federal privacy regulation. Nevada residents also now have more control over how their personal information is used. Senate Bill 220 went into law recently, giving consumers more ability to keep websites from selling their information to third-party firms. Proactive businesses are already considering CCPA as a de facto US privacy law. Recently Microsoft announced that it will apply the main CCPA rights to all its customers in the U.S.
CCPA will not just have a big impact on US businesses. UK and EU companies doing business in the States also need to understand it provisions and implications. Ibrahim Hasan will be speaking about this topic when he addresses the NAPCP Commercial Card and Payment Conference in Las Vegas in April 2020.
CCPA and GDPR
CCPA is often compared to the GDPR. Both laws give individuals rights to access and delete their personal information, require transparency about information use and necessitate contracts between businesses and their service providers. In some respects, however, the CCPA does not go as far as GDPR. For example, it does not require businesses to have a legal basis for processing personal data (Article 6 of GDPR), there are no restrictions on international transfers and no requirement to appoint a data protection officer. To learn more about the differences, have a look at this comparison chart produced by BakerHostetler LLP.
NEW CCPA Workshops
Our forthcoming CCPA workshops (in the UK and US) will cover the main obligations and rights in CCPA and practical steps to compliance. They are ideal for data protection officers and advisers in UK and US businesses.
Act Now is pleased to announce the winners of the 5 free delegate tickets for the European Data Protection Summit taking place in Manchester on 13th and 14th November 2019. We are sponsoring this two day event which will deliver top-level strategic content, insights, networking, and discussion around data protection, privacy and security. In addition to leading content, tickets will include refreshments, lunch and access to exclusive post-event content.
Jamie Burton of Wythenshawe Community Housing Group
Kathy Fleming of The Lead Agency
Sam License of National Institute for Health and Care Excellence
Matt Stephenson of University of Bradford
Jacqueline Gillanders of HEFSTIS
All the winners will receive an e mail giving details of how they can book their free place.
Thank you to all of those who expressed an interest.