On July 29, 2024, the FTC’s revised Health Breach Notification Rule (HBNR) takes effect. The Rule requires vendors of personal health records (PHRs) and related entities not covered by HIPAA to notify individuals, the FTC,...more
The year ahead promises to be busy on the state privacy front. As we’ve covered on this blog, states are continuing to fill the gap at the federal level by implementing comprehensive state laws that guarantee consumer privacy...more
If you follow our blog, you already know that there have been a number of significant developments in the world of advertising law over the past 12 months. In this post, we highlight ten of those developments and consider...more
Google updated its privacy terms earlier this month, shifting away from offering many of its advertising services on a “service provider” basis. With the change, Google states that its Customer Match, Audience Partner API,...more
On Friday June 3, a bipartisan group of leaders from key House and Senate committees released a new “discussion draft” bill to establish nationwide standards for consumer privacy. The proposal (the American Data Privacy and...more
On Friday May 27, 2022, the California Privacy Protection Agency (CPPA) Board announced its next public meeting will be on June 8, 2022. The announcement simply stated the date of the meeting, that there are “some discussion...more
In guidance released last week, the New York State Office of the Attorney General urged businesses to incorporate safeguards to detect and prevent credential-stuffing attacks in their data security programs. The guidance...more
As of September 27, 2021, the European Commission requires controllers and processors to rely on the recently updated Standard Contractual Clauses (SCCs) for any new contracts governing personal data transfers from the EEA....more
9/30/2021
/ Data Controller ,
Data Protection ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Last year’s voter guide to California Proposition 24, the California Privacy Rights Act (CPRA), included a stark argument against enacting the privacy ballot initiative because it did not go far enough to protect employee...more
6/21/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employer Liability Issues ,
Hiring & Firing ,
Job Applicants ,
Personal Information ,
Popular
The CCPA grants the California Attorney General (AG) the authority to enforce the CCPA starting on July 1, 2020. Last month, the AG confirmed no intention to delay that enforcement date due to the COVID-19 pandemic, despite...more
On Wednesday, the California Attorney General (AG) released a third draft of proposed CCPA regulations for public comment. The draft contains a series of technical corrections, along with a handful of substantive incremental...more
3/12/2020
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
Privacy Laws ,
Proposed Regulation
In exactly two months, the California Consumer Privacy Act (CCPA) takes effect. Many businesses are devoting resources to timely comply, but between the late rollout of the Attorney General’s draft regulations, recent...more
11/1/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws ,
Private Right of Action
Last week, the California legislature voted to send five amendments to the CCPA to the California governor’s desk. The amendments include a one-year exemption for access and deletion rights to employee data and B2B...more
9/16/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
Privacy Laws ,
Right to Delete
The Danish and Polish data protection authorities issued their first GDPR fines last month. The cases serve as indicators of the kinds of technical violations enforcement officials are looking to deter as they police the EU’s...more