The ever-evolving data privacy landscape continues to become more complex as new developments play out on the global stage. In the United States, a number of individual state laws have come into force, with more following in...more
China’s long-awaited Personal Information Protection Law (PIPL), after two rounds of draft versions, was finally passed by the Standing Committee of the National People's Congress on August 20, 2021, with the law effective...more
8/24/2021
/ China ,
Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personal Information ,
Popular ,
Regulatory Reform
Following the Schrems II decision last year, there have been many questions about the status of international data transfers between the European Union and United States. The European Commission (the Commission) has now...more
Virginia is on track to become the second state in the United States to pass a comprehensive data privacy law after the Virginia Consumer Data Protection Act (CDPA) quickly passed both houses of Virginia’s state legislature...more
2/19/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
State and Local Government
The European Data Protection Board (EDPB) has finally released its much anticipated guidance following the Schrems II decision in July 2020, which invalidated the "Privacy Shield" system that allowed the transfer of personal...more
A majority of California voters approved the California Privacy Rights Act of 2020 (CPRA) on November 3. The CPRA expands provisions of the California Consumer Privacy Act (CCPA), creates new consumer privacy rights,...more
11/11/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Retention ,
Data Sellers ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
In response to the coronavirus (COVID-19) pandemic, technology companies and public health authorities around the world have been developing contact tracing apps as a way to track and thus slow the spread of the virus....more
California recently approved the final regulations to the California Consumer Privacy Act (CCPA), which took effect August 14, 2020. This article highlights some of the most notable changes to the final regulations and...more
9/1/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law Judges (OALJ) ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
The Court of Justice of the European Union (ECJ) has finally issued its decision on the validity of standard contractual clauses (SCCs) in the Irish Data Protection Commissioner’s referral to the ECJ for an opinion on the...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The California Consumer Privacy Act authorizes only the state attorney general to enforce the statute, but a pending statutory amendment and a recent California Supreme Court ruling could end up expanding enforcement power to...more
7/13/2020
/ Abbott Laboratories ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
State Attorneys General ,
Unfair or Deceptive Trade Practices
Despite the coronavirus (COVID-19) pandemic, the California attorney general intends to enforce the California Consumer Privacy Act (CCPA) beginning July 1, 2020, pending the anticipated approval from the California Office of...more
6/26/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Information Governance ,
Office of Administrative Law ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government ,
State Attorneys General
With the July 1 enforcement of the California Consumer Privacy Act (CCPA) less than a month away, the state attorney general has finally submitted the final text of the proposed CCPA regulations to the California Office of...more
6/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
With the July 1 enforcement of the California Consumer Privacy Act (CCPA) less than a month away, the state attorney general has finally submitted the final text of the proposed CCPA regulations to the California Office of...more
6/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Risk Management ,
Rulemaking Process ,
State and Local Government
While the final CCPA regulations remain pending, written comments on the recently released proposed modifications are due by February 25, 2020. This article highlights some of the most notable changes to the proposed...more
2/19/2020
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Mobile Apps ,
Mobile Devices ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
The UK Court of Appeal recently upheld a decision by the UK High Court ruling that employers can be vicariously liable for an employee’s misuse of personal data under the control of the employer. Employers should also be...more
The European General Data Protection Regulation, which will come into force on May 25, 2018, requires companies, including investment managers, funds, banks, and broker-dealers, with operations in Europe or information about...more
4/18/2018
/ Banks ,
Broker-Dealer ,
Data Breach ,
Data Protection ,
EU ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Investment Management ,
Personal Data ,
UK
The GDPR will apply to the UK when it is effective on May 25, 2018, but the government will need to adopt domestic data privacy legislation upon the UK’s pending exit from the EU....more
3/22/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
UK ,
UK Brexit ,
UK Data Protection Act
The new law gives UK intelligence and law enforcement bodies sweeping surveillance powers.
The IPA was introduced in response to recommendations that David Anderson QC made, in his capacity as the Independent Reviewer of...more
Passage of the Act facilitates two data-sharing agreements between the European Union and United States that will improve transatlantic business, privacy, and security.
On February 24, the Judicial Redress Act of 2015...more
The pending legislation would authorize the US Department of Justice to designate foreign countries to allow the citizens of such countries to bring civil actions against certain US agencies to access, amend, or redress...more
A new personal data transfer agreement was announced on February 3, 2016 between EU and US authorities: the EU-US Privacy Shield will replace the invalidated Safe Harbor programme.
Since the landmark decision of the...more
2/4/2016
/ Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
New provisions about encryption, license plate recognition, and breach notification letters.
California has long been a trendsetter with regard to security breach notification standards. In 2002, for example, California...more
Data transfers can be suspended until investigation is complete.
In Maximillian Schrems v. Data Protection Commissioner (case C-362/14), the Advocate General ruled that EU data protection authorities do have powers to...more
9/28/2015
/ Advocate General ,
Binding Corporate Rules ,
Cloud Computing ,
Data Collection ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Edward Snowden ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Prior Express Consent ,
Privacy Policy ,
Public Disclosure ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework