As the California Privacy Rights Act (CPRA) comes into effect on January 1, 2023, the temporary and partial exceptions for employment and business-to-business information will expire, making California the first and only...more
On August 24, 2022, California Attorney General Rob Bonta announced a settlement with Sephora, Inc. that included a fine of $1.2 million for alleged violations of the California Consumer Privacy Act (CCPA). The settlement is...more
8/26/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Customer-Loyalty Programs ,
Data Collection ,
Data Sellers ,
Do Not Sell ,
Enforcement Actions ,
Opt-Outs ,
Personal Information ,
State Attorneys General
The Federal Trade Commission (FTC) accepted a proposed consent agreement earlier this week that includes payment of $500,000 for consumer redress from CafePress, an online platform allowing consumers to purchase customized...more
On February 22, 2022, U.S. Department of Homeland Security Secretary Alejandro Mayorkas warned critical infrastructure organizations located in the United States of possible cyberattacks by Russian state-sponsored actors in...more
Across the country, companies have been grappling with website accessibility challenges filed by serial plaintiffs alleging the company’s website is not fully accessible to individuals with disabilities. The complaints...more
The European Commission adopted new versions of the Standard Contractual Clauses (SCCs) on June 4, 2021. The new SCCs finally replace the original SCCs adopted under the 1998 European Data Protection Directive (DPD) and did...more
7/6/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK Data Protection Act
On Friday morning, the Supreme Court issued its eagerly awaited opinion in TransUnion LLC v. Ramirez (No. 20-297). Justice Kavanaugh delivered the opinion of the Court, with which four Justices concurred; Justices Thomas,...more
6/29/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Credit Reports ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
SCOTUS ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
On June 2, 2021, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, published a rare open letter to the corporate executives and business leaders of...more
6/14/2021
/ Corporate Executives ,
Cybersecurity ,
Department of Justice (DOJ) ,
Economic Sanctions ,
Embargo ,
Executive Orders ,
Hackers ,
International Emergency Economic Powers Act (IEEPA) ,
Joe Biden ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
TWEA
On June 3, 2021, the U.S. Supreme Court significantly narrowed the scope of the Computer Fraud and Abuse Act (CFAA) in Van Buren v. United States. In this closely watched case, the Court decided when a person “exceeds...more
While the world anxiously awaited the results of the November 2020 U.S. federal elections, California silently passed California Proposition 24, the California Privacy Rights Act (CPRA). Labeled on the ballot simply as...more
11/13/2020
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Mapping ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Safe Harbors ,
Sensitive Personal Information
On October 28, 2020, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) issued a joint warning that they...more
10/30/2020
/ Coronavirus/COVID-19 ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Health and Human Services (HHS) ,
FBI ,
Germany ,
Health Care Providers ,
Hospitals ,
New Guidance ,
Pennsylvania ,
Ransomware
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its anxiously-awaited judgment in the Schrems II case. The CJEU’s decision upheld the Standard Contractual Clauses (SCCs) but, somewhat surprisingly,...more
7/21/2020
/ Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
New privacy challenges await California businesses as they begin to develop plans to reopen after more than two months of lockdown due to the COVID-19 pandemic. Most businesses are required to fill out a county-specific safe...more
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
5/4/2020
/ CARES Act ,
Centers for Disease Control and Prevention (CDC) ,
Centers for Medicare & Medicaid Services (CMS) ,
Consumer Financial Protection Bureau (CFPB) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Popular ,
Safe Harbors ,
World Health Organization
On March 19, 2020, California Governor Gavin Newsom issued an Executive Order requiring Californians to “stay at home or at their place of residence” until further notice except as needed to maintain continuity of 16...more
4/30/2020
/ Banks ,
Coronavirus/COVID-19 ,
Gas Stations ,
Governor Newsom ,
Grocery Stores ,
Hardware ,
Healthcare ,
Home Healthcare Workers ,
Non-Essential Businesses ,
Pharmacies ,
Real Estate Transactions ,
Shelter-In-Place ,
Social Distancing
On March 19, 2020, the European Data Protection Board (EDPB) adopted a statement on the processing of personal data in the context of the COVID-19 outbreak. The EDPB made it clear that while the EU’s General Data Protection...more
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
4/9/2020
/ Business Interruption ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Regulatory Standards ,
Remote Working ,
Small Business ,
State of Emergency
On March 19, 2020, California Governor Gavin Newsom issued an Executive Order requiring Californians to “stay at home or at their place of residence” until further notice except as needed to maintain continuity of 16...more
As the coronavirus outbreak continues to wreak havoc on markets and industries in the U.S. and around the world, businesses are now confronting significant and unique challenges. Successful navigation of these challenges...more
Beginning with the California Online Privacy Protection Act (CalOPPA) in 2004, California has led the U.S. in adopting laws to protect the privacy of its residents. California continued this trend by enacting the California...more
...On April 4, 2019, California Assembly Member Wicks proposed sweeping changes to bill AB 1760, effectively repealing the California Consumer Privacy Act of 2018 (CCPA) and replacing it with the Privacy for All Act of 2019...more
4/11/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Disclosure Requirements ,
Opt-In ,
Personal Data ,
Private Right of Action ,
Proposed Amendments ,
Regulatory Oversight ,
Right to Be Forgotten ,
Third-Party Service Provider
...On June 28, 2018, California passed AB 375, the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020. Introduced just a week earlier in an effort to defeat a much stricter...more
7/3/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Right to Be Forgotten ,
State and Local Government
On February 28, 2018, Ethan P. Davis, the Deputy Assistant Attorney General for the Consumer Protection Branch, addressed the life sciences community regarding off-label promotion. In his remarks, Deputy Assistant Attorney...more
3/6/2018
/ Anti-Kickback Statute ,
Attorney General ,
CGMP ,
Department of Justice (DOJ) ,
Enforcement Guidance ,
Food and Drug Administration (FDA) ,
Life Sciences ,
Misleading Statements ,
Off-Label Promotion ,
Opioid ,
Pharmaceutical Industry ,
REMS
The data breach at the U.S. Office of Personnel Management was one of the most serious and possibly one of the top ten largest data breaches of the 21st century, compromising background investigation records for some 22...more
12/5/2017
/ Article III ,
Clapper v. Amnesty International ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Debit and Credit Card Transactions ,
FISA ,
Identity Theft ,
Office of Personnel Management (OPM) ,
Personally Identifiable Information ,
Retailers
In a ruling that is likely to have significant impact on privacy litigation, the Ninth Circuit determined on Tuesday that a plaintiff’s claim that the Fair Credit Reporting Act (FCRA) had been violated was sufficient “injury”...more