On September 13, 2024, the Colorado Attorney General’s (AG) Office published proposed draft amendments to the Colorado Privacy Act (CPA) Rules. The proposals include new requirements related to biometric collection and use...more
On January 8, 2024, the New Jersey legislature passed the New Jersey Data Privacy Act (NJDPA). The bill, SB 332, will soon head to Governor Phil Murphy’s desk for signing. Assuming the bill is signed quickly, it will go into...more
Data governance is a mission-critical issue for every company and institution in the United States.
GCs face a host of pressing cybersecurity concerns. Triaging them requires time, attention, and a well-rounded strategy...more
8/18/2023
/ Cookies ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Healthcare ,
Legislative Agendas ,
Mobile Apps ,
New Legislation ,
New Rules ,
OCR ,
Personal Information ,
Regulatory Agenda ,
Risk Factors ,
Risk Management ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
On July 10, 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (DPF). The decision concluded that the United States does ensure an adequate level of protection for transferring...more
7/14/2023
/ Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
SCC ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
During this session, the panel discussed strategies and business considerations when addressing compliance with the wide array of data protection and privacy laws and regulations across the United States and abroad. The panel...more
There has been a flurry of state privacy activity in the past week, with Colorado becoming the latest state to finalize sweeping data privacy rules and Iowa on the precipice of becoming the sixth state to enact comprehensive...more
We would not blame companies for feeling fatigued after the race to comply with the amended California Consumer Privacy Act (CCPA), the soon-to-be finalized CCPA regulations and the new Virginia Consumer Data Protection Act...more
Since Schrems II invalidated the US/EU Privacy Shield, the flow of personal data from the European Union to the United States has been subject to intense regulatory scrutiny. Companies transferring personal data to the United...more
On September 30, 2022, the Colorado Attorney General’s Office (the AG’s Office) released draft regulations to the Colorado Privacy Act (the CPA). Before these proposed regulations take effect, however, there will be a lengthy...more
10/4/2022
/ Appeals ,
Automation Systems ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Colorado ,
Consent ,
Corporate Counsel ,
Customer-Loyalty Programs ,
Data Protection ,
Data Rights ,
Disclosure Requirements ,
Opt-Outs ,
Privacy Acts ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
State Attorneys General
California, Virginia and Colorado have new privacy laws coming into effect in 2023. But now is the time to start preparing your business or organization for compliance.
In this video series, we examine the different aspects...more
2/1/2022
/ Business Associates ,
California Privacy Rights Act (CPRA) ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Exemptions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
PHI ,
Privacy Acts ,
Privacy Laws ,
State Privacy Laws
On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (CPA) into law, the latest in the recent wave of state privacy legislation but unlikely to be the last. The CPA will take effect July 1, 2023, six...more
The regulation of cookies and similar tracking technologies is rapidly evolving, not only in the European Union and United Kingdom but also in the United States and globally. If you have visited a website recently, you might...more
5/10/2021
/ Cookies ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
e-Privacy Directive ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
Popular ,
Privacy Laws ,
Risk Mitigation ,
UK ,
Webinars ,
Websites
Virginia’s Consumer Data Protection Act (CDPA) is expected to be signed into law by Governor Ralph Northam and will be the second comprehensive state data privacy law in the United States after the California Consumer Privacy...more
2/24/2021
/ Business Entities ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Protection ,
Governor Northam ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Oversight ,
State and Local Government ,
State Legislatures
Effective as of January 1, 2020, the California Consumer Privacy Act (CCPA) gives broad rights to people on their personal data in the custody of companies. This focus on data rights significantly raises the compliance burden...more
1/16/2020
/ Automation Systems ,
Best Practices ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consent ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
Data Subjects Rights ,
Discovery ,
Events ,
Information Security ,
Information Technology ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
Risk Assessment ,
Vendor Contacts ,
Vendors
Effective as of January 1, 2020, the California Consumer Privacy Act (CCPA) gives broad rights to people on their personal data in the custody of companies. This focus on data rights significantly raises the compliance burden...more
1/14/2020
/ Automation Systems ,
Best Practices ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consent ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
Data Subjects Rights ,
Discovery ,
Events ,
Information Security ,
Information Technology ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
Risk Assessment ,
Vendor Contacts ,
Vendors
On October 10, 2019, the California Attorney General released proposed regulations to implement the California Consumer Privacy Act (CCPA), including substantial new requirements not included in the CCPA. Here we offer a...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
State Attorneys General
The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly...more
California’s Senate and Assembly unanimously approved AB 375 (also known as the California Consumer Privacy Act of 2018), on June 28, 2018. This new consumer privacy bill will be the most progressive and comprehensive privacy...more
The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to...more
8/31/2016
/ Binding Corporate Rules ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Clauses ,
Notice Requirements ,
Personal Data ,
Private Right of Action ,
Self-Certification ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The Judicial Redress Act of 2015 (H.R. 1428) (Judicial Redress Act) is on its way to the U.S. Senate. On October 20th, the U.S. House of Representatives voted in favor of passage.
The Judicial Redress Act extends...more
10/23/2015
/ Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Information Sharing ,
International Data Transfers ,
Judicial Redress Act ,
Law Enforcement ,
Pending Legislation ,
Personal Data ,
Privacy Legislation ,
US-EU Safe Harbor Framework
Law enforcement requests for electronic information, particularly from technology companies such as Google and Twitter, have skyrocketed in recent years. In response, several states—Maine and Texas in 2013, Utah in 2014 and...more
10/13/2015
/ Cloud Computing ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Communications ,
ECPA ,
Electronic Communications ,
Electronic Devices ,
Electronically Stored Information ,
Email ,
Internet Service Providers (ISPs) ,
Invasion of Privacy ,
Law Enforcement ,
Location Data ,
Metadata ,
Mobile Devices ,
New Legislation ,
Search Warrant ,
Text Messages ,
Third-Party Service Provider
Data security breaches affecting large segments of the U.S. population continue to dominate the news. Over the past few years, there has been considerable confusion among employers with group health plans regarding the...more
In This Issue:
- The President’s Plan for Securing Cyberspace
- The President’s Plan for Safeguarding American Consumers and Families
- Conclusion
- Excerpt from The President’s Plan for Securing...more
The National Institute of Standards and Technology (NIST) recently released an update on its Framework for Improving Critical Infrastructure Cybersecurity (The Framework). The Framework was first issued in February 2014 as a...more
In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission...more
12/11/2014
/ Africa ,
Anti-Spam Legislation ,
Canada ,
China ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
Latin America ,
Legislative Agendas