COVID-19, the California Consumer Privacy Act (CCPA) coming into force, and the invalidation of the EU-US Privacy Shield already made 2020 an especially active year for privacy and data security risks and obligations. Rounding out the year, December then brought discovery of the unprecedented Solarwinds cyberattack affecting government agencies, critical infrastructure entities and others. Thus, looking ahead, … Continue Reading
As the D.C. District Court in Wengui v. Clark Hill recently commented, “[m]alicious cyberattacks have unfortunately become a routine part of our modern digital world. So have the lawsuits that follow them….” The court’s decision in that case has added another data point to developing jurisprudence of the cyberattack landscape, specifically concerning the discoverability of post-breach … Continue Reading
Qualifying businesses have another year to complying with certain, major provisions of the CCPA. The CCPA, or the California Consumer Privacy Act of 2018, is a California law that gives California consumers, defined broadly to encompass all California residents, certain rights with respect to their personal information. Namely, it gives consumers the right to know … Continue Reading
On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield, ruling, among other things, that U.S. domestic law governing law enforcement access to transferred data does not satisfy the GDPR’s requirements because, as the Court stated, U.S. … Continue Reading
On June 1, 2020, the California Attorney General’s office released the third and final set of CCPA proposed regulations (available here). Below, we provide information about the final proposed regulations and enforcement actions.… Continue Reading
In today’s world, cybersecurity breaches and threats are pervasive concerns for any business entity, without exception. Working from home arrangements due to COVID-19 constraints only magnify the risk and create further vulnerabilities for companies. Companies should be aware of (1) the key cyber threats they face, (2) the consequences of a breach, and (3) the … Continue Reading
On April 30, 2020, the French data protection authority, the CNIL, published a guidance surrounding considerations behind what it calls “commercial prospecting,” meaning scraping publicly available website data to obtain individuals’ contact info for purposes of selling such data to third parties for direct marketing purposes. The guidance is significant in two respects. First, it … Continue Reading
Privacy and cybersecurity remain top priorities for regulators and companies alike, as the threats posed by large-scale data breaches and other cyber incidents show no signs of waning. Companies and their counsel must monitor privacy and data security-related enforcement trends, new laws and regulations, and key emerging issues to mitigate risks and minimize potential liability. … Continue Reading
In the largest piece to come out of the FTC’s new focus on emerging technologies, the FTC Bureau of Consumer Protection issued new guidance on the use of artificial intelligence (“AI”) and algorithms. The guidance follows up on a 2018 hearing where the FTC explored AI, algorithms, and predicative analysis. As the FTC recognizes, these … Continue Reading
The developing coronavirus pandemic affects businesses and personnel within the state and elsewhere. With more New Yorkers working from home, there are more opportunities for cyberattacks through unsecure remote connections and the public concern growing each day. The New York SHIELD (“Stop Hacks and Improve Electronic Data Security”) Act was signed to law on July … Continue Reading
With the spread of the novel coronavirus (COVID-19), cybersecurity criminals and scammers are ramping up their efforts to target vulnerable employers and workforces. The FTC announced today that since January they have received more than 7,800 fraud complaints from consumers related to the COVID-19 pandemic. But the FTC isn’t slowing down either. Even with the … Continue Reading
On October 10, 2019, the California Attorney General, Xavier Becerra, announced at a press conference that his office has released proposed implementing regulations for the California Consumer Privacy Act (“CCPA”). The text of the proposed regulations is available here. As background, the CCPA is a California privacy law that seeks to give California consumers the … Continue Reading
Effective tomorrow, October 1, 2019, the existing Nevada Privacy of Information Collected on the Internet from Consumers Act will be amended to include a consumer right to opt out from the sale of personal information and to impose verification requirements on “Operators” covered by the law. The existing law requires such covered entities to post … Continue Reading
In an effort to give consumers more control over the data businesses collect from and about them, the California legislature passed the California Consumer Privacy Act (CCPA) in 2018 (and amended it a few months later). The CCPA gives consumers the right to know about and have deleted the data businesses have gathered about them, among … Continue Reading
Reflecting the movement to toughen data security laws on a state-by-state basis, on July 25, 2019, Governor Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”). The Act amends New York State’s current data breach notification law, which covers breaches of certain personally-identifiable computerized data … Continue Reading
GDPR fines are seemingly like buses, you wait over a year for enforcement action by the UK’s data supervisory authority, the ICO, and then two come along at once – and with quite dramatic effect.… Continue Reading
Senate Bill 561’s smooth sail through the California legislature came to an end on Thursday, May 16. On the eve of the deadline for all fiscal committees to hear and report on the bills introduced in their house, the Senate Appropriations committee decided to hold the bill. Meaning, SB 561 will not pass out of … Continue Reading
In late March, the French Data Protection Authority, Commission Nationale de l’Informatique et des Libertés (“CNIL”) released a model regulation (the “Model Regulation”) governing the use of biometric access controls in the workplace. Unlike many items of personal information, biometric data (such as a person’s face or fingerprints) is unique and, if stolen or otherwise … Continue Reading
With less than a month to go until the UK is due to leave the EU (at 11pm GMT/12pm CET on 29 March 2019), there is still much uncertainty as to whether, and if so how, the UK will exit the EU (commonly dubbed “Brexit”). In light of this uncertainty we outline what will happen, … Continue Reading
California already has some of the strongest data privacy laws in the United States, but within the past week state legislators, with the backing of the California Attorney General Xavier Becerra, have proposed two new bills that would strengthen California’s data privacy laws even more. One bill (SB 561) would amend key sections of the … Continue Reading
The French Supreme Court sanctions a company for having produced complete employee pay slips in a litigation. It is not news that the rules of evidence and data privacy laws may be conflicting. A recent decision of the French Supreme Court[1] illustrates this tension and highlights the need for litigators to take into account data … Continue Reading
The California Consumer Privacy Act (CCPA) is a major new state law poised to affect the privacy landscape not just in California, but in the U.S. as a whole. (For a detailed overview of the CCPA, read our previous post.) On August 31, the California legislature passed several amendments to the CCPA that will have a … Continue Reading
This has been a big year in the data protection world, with the headline-grabbing General Data Protection Regulation (GDPR) occupying most of the spotlight with its plethora of privacy-related requirements and potential for high fines for violators. While companies (justifiably) may be focused on the GDPR at the moment, it’s also important to keep an … Continue Reading
The General Data Protection Regulation (GDPR) comes into force across the European Union (EU) on 25 May 2018. It will have an impact on EU fund managers and may have an impact on non-EU fund managers depending on their operations. Below are FAQs to help EU and non-EU fund managers determine the extent to which the … Continue Reading
This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.