In December 2023, European Union (EU) lawmakers reached an agreement on the EU AI Act. In our article titled An Introduction to the EU AI Act, we focused on applicability, thresholds, timing, and penalties related to the EU...more
4/19/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Regulatory Oversight ,
Reporting Requirements ,
Risk Management ,
Risk-Based Approaches ,
Technology Sector
On December 8, 2023, European Union (EU) lawmakers reached an agreement on the EU’s AI Act. The EU AI Act has many similar themes to the EU’s General Data Protection Regulation (GDPR) and reflects a big step forward in the...more
1/25/2024
/ Artificial Intelligence ,
Biometric Information ,
Critical Infrastructure Sectors ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Governance Standards ,
New Legislation ,
Noncompliance ,
Risk Management ,
Threshold Requirements
Startups face unique challenges that can impact their success and sustainability. Obstacles such as financial constraints (inadequate funding or limited cash flow) and resource constraints often result in small teams having...more
10/17/2023
/ Compliance ,
Data Collection ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Data Storage ,
Databases ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Popular ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Risk Mitigation ,
Software ,
Startups ,
Sustainability
The collection of personal data by organizations in the sports industry creates unique data privacy challenges. Generally, a business-to-consumer organization is focused on the personal data of its customers and separately...more
3/15/2023
/ California Privacy Rights Act (CPRA) ,
Collective Bargaining Agreements (CBA) ,
Compliance ,
Data Collection ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Revenue ,
Risk Management ,
Sports
As data privacy regulatory obligations continue to expand, more and more organizations are integrating privacy centers within their public-facing websites. Privacy Centers are portals embedded within the organizations’...more
The latest proposed Federal Privacy Law, titled the American Data Privacy and Protection Act (“ADPPA”), continues to gain momentum and in late July 2022, the House Committee on Energy and Commerce voted to advance the bill to...more
7/28/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corrective Actions ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Notification Requirements ,
Policies and Procedures ,
Privacy Laws ,
Privacy Policy ,
Proposed Legislation
This is the first of a multi-article series focused on privacy impact assessments. This first article provides an overview of privacy impact assessments, the existing and pending privacy laws which require privacy impact...more
The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture,...more
A new trend in privacy and cybersecurity laws is the introduction of safe harbor clauses for aligning data protection controls to recognized data privacy and cybersecurity frameworks.
OHIO HB376: In July 2021, Ohio...more
8/4/2021
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Safe Harbors
Authors: David Manek, Joe Shepley and Mark Melnychenko The California Privacy Rights Act (CPRA) which goes live January 1, 2023 introduces data retention and deletion requirements very similar to those that we see in the...more
7/20/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Data Deletion ,
Data Storage ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
Governance Standards ,
Personal Data ,
Risk Management ,
Rulemaking Process ,
Sensitive Personal Information
Organizations are becoming increasingly reliant on external parties to manage parts of their business. The centralized knowledge, expertise, and economies of scale that third parties provide enables organizations to focus...more
7/5/2021
/ Anti-Bribery ,
California Consumer Privacy Act (CCPA) ,
Collaboration ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
NYDFS ,
Risk Management ,
Software ,
Third-Party Risk ,
Transparency ,
Vendors
The Virginia Consumer Data Protection Act (CDPA) overwhelmingly passed both legislative chambers this month and is expected to be signed by the Governor in the coming weeks with an effective date of January 1, 2023. Best...more
6/28/2021
/ Adtech ,
California Consumer Privacy Act (CCPA) ,
CDPA ,
Cookies ,
COPPA ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Personal Data ,
Popular ,
Privacy Laws ,
Sensitive Personal Information ,
Third-Party Service Provider ,
Virginia
After much anticipation, the European Commission has published new Standard Contractual Clauses (SCCs). Under the General Data Protection Regulation (GDPR), when personal data of individuals in the European Economic Area...more
6/14/2021
/ Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
6/1/2021
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Mitigation ,
Schrems I & Schrems II ,
Standard Contractual Clauses
A data inventory is the fundamental building block for an effective privacy program. In its simplest form, a data inventory can be thought of as a matrix which documents 1) what personal data is being collected by the...more
5/27/2021
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Retention ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Governance ,
Popular