On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot the heels of...more
On April 21, 2021, the European Commission released a highly-anticipated proposal for a regulation governing artificial intelligence (AI). The proposal has been drafted by the Commission and its advisers, and plays a central...more
5/11/2021
/ Artificial Intelligence ,
Data Protection ,
Data Security ,
Enforcement ,
EU ,
European Commission ,
Facial Recognition Technology ,
Proposed Regulation ,
Registration Requirement ,
Regulatory Oversight ,
Transparency
On 12 March 2021, the United Nations Open-ended Working Group (“OEWG”), established by General Assembly Resolution 73/27 and consisting of all United Nations Member States, adopted by consensus its Final Substantive Report on...more
January 28 is Data Privacy Day, and on this 14th annual Data Privacy Day, I find myself reflecting on the question of data ethics.
Far from being an academic concept, “data ethics” presents a model for data management...more
Last week saw major innovations in the law of data transfer from the European Economic Area (EEA) to other countries, including the United States. This alert covers one of them: new guidelines from the European Data...more
On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under...more
7/17/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at...more
5/4/2020
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
Equifax ,
Personal Information ,
Popular ,
Privacy Laws ,
State and Local Government ,
WISP
Businesses scrambling to move their workforces into remote environments are rightly concerned about the smooth and productive flow of information, including question about whether there will be any government support for...more
That sixth sense you have that someone is listening – could it be your smart speaker? There’s a chance the answer is yes, even when you don’t ask it to. A new study from Northeastern University finds that smart speakers...more
2/21/2020
/ Audio Recording ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Connected Items ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
Personal Data ,
Personal Information ,
Privacy Policy ,
Smart Devices ,
Technology Sector
On Friday, February 7, 2020, California’s Attorney General’s Office released revisions to the proposed regulations (the “Modified Draft Regulations”) for the California Consumer Privacy Act (“CCPA”). The CCPA is a...more
The new decade has barely begun, and the world of privacy already seems set to change quickly. Here is a brief overview:
New Laws In Effect as of January 1 -
On January 1, 2020, new data breach notification requirements...more
1/14/2020
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
State Data Breach Notification Statutes
Data scraping is a technique where information on one platform is exported onto another. The practice is widespread and is used for all sort of reasons, like market analysis or advertising. The kind of information located and...more
9/11/2019
/ Cease and Desist ,
Computer Fraud and Abuse Act (CFAA) ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Rights ,
Data Use Policies ,
LinkedIn ,
Notification Requirements ,
Online Platforms ,
Personal Information ,
Personally Identifiable Information ,
Public Information ,
Web Scraping ,
Websites
Shifting how businesses think about privacy.
Let’s stop thinking about privacy policies alone, and let’s start thinking about data governance plans.
For the ordinary business trying to generate revenue and minimize risk,...more
8/27/2019
/ Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Governance ,
Personal Data ,
Popular ,
Privacy Laws ,
Privacy Policy ,
Risk Management
If you are doing business in California, the way you handle personal data could soon change in significant ways. The California Consumer Privacy Act (“CCPA”) goes into effect on January 1, 2020, and the time to start...more
Imagine this scenario: you’ve had a productive and mutually advantageous ongoing contractual relationship of several years with another party. You have built up quite a bit of trust over the years, and communicate regularly...more
4/29/2019
/ Best Practices ,
Corporate Liability ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybertheft ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Phishing Scams ,
Risk Mitigation ,
Wire Fraud ,
Wire Transfers
In 2018, privacy and data security crossed a number of thresholds. In the public mind, through high-profile data breaches and revelations about unexpected uses of personal information, questions of privacy became much more...more
4/26/2019
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cryptocurrency ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Energy Sector ,
Enforcement Actions ,
FCC ,
FERC ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Political Advertising ,
Popular ,
Privacy Concerns ,
Securities and Exchange Commission (SEC)
You probably are employed by an organization that has a website privacy policy. I am. That’s because most organizations process personal information through their websites in some way, such as through online forms that ask...more
4/10/2019
/ Best Practices ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
Personal Data ,
Privacy Policy ,
Risk Assessment ,
Risk Mitigation ,
Websites
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. ...more
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of....more
The long-anticipated decision in LabMD v. FTC has finally arrived. The 11th Circuit held that the FTC’s cease-and-desist order against LabMD is unenforceable...more
On January 17, 2018, the Massachusetts Securities Division Enforcement Section filed a complaint against the company Caviar and its founder Kirill Bensonoff for violations of the Massachusetts Uniform Securities Act in...more
The worldwide WannaCry attack from May 2017 has been officially blamed on North Korea. In a press briefing publicly announcing the Administration’s declaration of North Korean culpability, the Department of Homeland Security...more
The end of net neutrality — for now — is big news, because it’s a big deal; there’s just no getting around the fact that the way consumers experience the internet is going to change. What are some of the practical...more
After repeated requests from various states, the Department of Homeland Security informed state governments which states had their election systems hacked or otherwise compromised during the 2016 general election. According...more
Kaspersky Lab, a Russian-owned cybersecurity company that sells anti-virus software and other kinds of IT systems security products, has been banned from use by the federal government. This latest development comes by way of...more