The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture,...more
On July 19, 2021, the California Attorney General announced the launch of a new online Consumer Privacy Interactive Tool which allows consumers to directly notify businesses of potential noncompliance that do not have a “Do...more
A new trend in privacy and cybersecurity laws is the introduction of safe harbor clauses for aligning data protection controls to recognized data privacy and cybersecurity frameworks.
OHIO HB376: In July 2021, Ohio...more
8/4/2021
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Safe Harbors
Authors: David Manek, Joe Shepley and Mark Melnychenko The California Privacy Rights Act (CPRA) which goes live January 1, 2023 introduces data retention and deletion requirements very similar to those that we see in the...more
7/20/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Data Deletion ,
Data Storage ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
Governance Standards ,
Personal Data ,
Risk Management ,
Rulemaking Process ,
Sensitive Personal Information
Organizations are becoming increasingly reliant on external parties to manage parts of their business. The centralized knowledge, expertise, and economies of scale that third parties provide enables organizations to focus...more
7/5/2021
/ Anti-Bribery ,
California Consumer Privacy Act (CCPA) ,
Collaboration ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
NYDFS ,
Risk Management ,
Software ,
Third-Party Risk ,
Transparency ,
Vendors
The Virginia Consumer Data Protection Act (CDPA) overwhelmingly passed both legislative chambers this month and is expected to be signed by the Governor in the coming weeks with an effective date of January 1, 2023. Best...more
6/28/2021
/ Adtech ,
California Consumer Privacy Act (CCPA) ,
CDPA ,
Cookies ,
COPPA ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Personal Data ,
Popular ,
Privacy Laws ,
Sensitive Personal Information ,
Third-Party Service Provider ,
Virginia
After much anticipation, the European Commission has published new Standard Contractual Clauses (SCCs). Under the General Data Protection Regulation (GDPR), when personal data of individuals in the European Economic Area...more
6/14/2021
/ Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In an era of increased M&A transactions, organizations must understand the risks and potential liabilities associated with the personal information they obtain on their customers, vendors, and employees....more
6/8/2021
/ Acquisition Agreements ,
Corporate Sales Transactions ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Retention ,
Due Diligence ,
Funding Opportunities ,
Information Technology ,
Investors ,
Merger Agreements ,
Seed Financing
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
6/1/2021
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Mitigation ,
Schrems I & Schrems II ,
Standard Contractual Clauses
A data inventory is the fundamental building block for an effective privacy program. In its simplest form, a data inventory can be thought of as a matrix which documents 1) what personal data is being collected by the...more
5/27/2021
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Retention ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Governance ,
Popular