On January 29 the California legislature introduced the California Children’s Data Privacy Act (AB 1949) in what appears to be the first bill proposed to amend the California Consumer Privacy Act (CCPA) since passage of...more
On October 30, 2023, President Biden signed the 53-page Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence that significantly advances the United States' policy framework...more
11/17/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Equity ,
Executive Orders ,
Innovative Technology ,
Machine Learning ,
National Security ,
OMB ,
Popular ,
Regulatory Agenda ,
Regulatory Oversight
On September 15, 2022 California Governor Gavin Newsom signed the California Age-Appropriate Design Code Act (CAADCA) into law. The CAADCA takes effect July 1, 2024, and brings vast changes to the online compliance landscape...more
The European Commission adopted new versions of the Standard Contractual Clauses (SCCs) on June 4, 2021. The new SCCs finally replace the original SCCs adopted under the 1998 European Data Protection Directive (DPD) and did...more
7/6/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK Data Protection Act
While the world anxiously awaited the results of the November 2020 U.S. federal elections, California silently passed California Proposition 24, the California Privacy Rights Act (CPRA). Labeled on the ballot simply as...more
11/13/2020
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Mapping ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Safe Harbors ,
Sensitive Personal Information
On August 14, 2018, the Brazilian government approved the Brazilian General Data Protection Law, known as the Lei Geral de Proteção de Dados Pessoais (“LGPD”). Enforcement was set to begin on August 15, 2020 but then, due to...more
9/11/2020
/ Binding Corporate Rules ,
Brazil ,
Certifications ,
Coronavirus/COVID-19 ,
Data Protection ,
Data Protection Officers (DPOs) ,
Economic Sanctions ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Noncompliance ,
Penalties ,
Personal Data
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its anxiously-awaited judgment in the Schrems II case. The CJEU’s decision upheld the Standard Contractual Clauses (SCCs) but, somewhat surprisingly,...more
7/21/2020
/ Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
The California Attorney General Xavier Bacerra submitted the final proposed regulations (the “Regulations”) under the California Consumer Privacy Act of 2018 (“CCPA”) to the California Office of Administrative Law (“OAL”) on...more
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
4/9/2020
/ Business Interruption ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Regulatory Standards ,
Remote Working ,
Small Business ,
State of Emergency
New York State has enacted S5575, the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”). This new law amends New York General Business Code 899-aa and adds Section 899-bb to significantly expand consumer...more
9/30/2019
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Personally Identifiable Information ,
SHIELD Act ,
State Attorneys General ,
State Data Breach Notification Statutes
On August 6, 2019, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) released ISO/IEC 27701 (ISO 27701), a privacy extension to ISO/IEC 27001 and ISO/IEC 27002...more
9/9/2019
/ California Consumer Privacy Act (CCPA) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Organization for Standardization ,
Personally Identifiable Information ,
Privacy Laws ,
Security and Privacy Controls
Since the referendum to leave the EU rocked the UK in 2016, commentators, privacy personnel, and corporate officers alike have been speculating as to how Brexit will affect Britain’s subjugation to the General Data Protection...more
5/22/2019
/ Binding Corporate Rules ,
Data Protection ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
No-Deal Brexit ,
Personal Data ,
Privacy Laws ,
Standard Contractual Clauses ,
Third Country Entities (TCEs) ,
UK ,
UK Brexit ,
Withdrawal Agreement
Since the referendum to leave the EU rocked the UK in 2016, commentators, privacy personnel, and corporate officers alike have been speculating as to how Brexit will affect Britain’s subjugation to the General Data Protection...more
5/21/2019
/ Automotive Industry ,
Binding Corporate Rules ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Standard Contractual Clauses ,
Third Country Entities (TCEs) ,
UK ,
UK Brexit ,
UK Data Protection Act
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The New York State Department of Financial Services (DFS) made headlines back in late September with a “first-in-the-nation” piece of legislation aimed at mandating specific cybersecurity protocols for banks, insurance...more
12/3/2016
/ Banks ,
Board of Directors ,
Brokers ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Credit Unions ,
Cybersecurity ,
Data Protection ,
Department of Financial Services ,
Financial Institutions ,
Incident Response Plans ,
Insurance Industry ,
Mortgage Lenders
This past Friday the 13th was not a lucky day for the Federal Trade Commission (FTC). An Administrative Law Judge (ALJ) dismissed the FTC’s data security enforcement proceeding against LabMD on the grounds that the FTC failed...more
On October 6, 2015, California Governor Jerry Brown signed into law several changes to California’s Data Breach Notification Statute. The law, as amended, adds additional categories of information into the definition of...more
10/12/2015
/ Breach Notification Rule ,
Consent ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Governor Brown ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Third-Party ,
Websites
Not coincidentally, on July 21, 2015, Wired Magazine published an article with groundbreaking evidence of hacking a car wirelessly, and Senators Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced legislation...more
7/24/2015
/ Automotive Industry ,
Cloud Computing ,
Cyber Attacks ,
Cybersecurity ,
Dashboard ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Internet of Things ,
NHTSA ,
Personally Identifiable Information ,
Proposed Legislation ,
Safety Standards ,
Transparency ,
Wireless Technology
Yesterday, May 1, was a big day for privacy in the news. The White House issued 2 reports on the privacy implications of Big Data, and the Florida legislature overhauled the state’s security breach notification law,...more