On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
On July 19, California’s recently appointed Attorney General, Rob Bonta, launched an interactive tool to aid consumers with drafting notices of noncompliance for businesses who fail to publish the “Do Not Sell My Personal...more
The California Privacy Rights Act (CPRA) will require businesses to update their privacy notices with additional disclosures and post website links that allow consumers to exercise their new rights under the CPRA. In this...more
As we have previously highlighted, the California Privacy Rights Act (CPRA) has created several new consumer rights that will require businesses to change existing California Consumer Privacy Act (CCPA) compliance programs. ...more
Virginia is on track to be the second U.S. state to enact comprehensive consumer privacy legislation. Both the Virginia House of Delegates and the Virginia Senate have passed nearly identical versions of the Consumer Data...more
2/10/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Risk Management ,
State and Local Government
California voters have approved the California Privacy Rights Act (CPRA or Proposition 24), a new law coming into effect on January 1, 2023 that will significantly amend the California Consumer Privacy Act (CCPA). ...more
11/6/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
On October 12, the California Attorney General announced a new set of proposed modifications to the CCPA regulations. Although this third set of proposed modifications is relatively brief, they would reinstate some provisions...more
10/27/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
State and Local Government ,
State Attorneys General
After a long period of uncertainty about the effective date of Brazil’s General Data Protection law (LGPD), Brazil’s Congress on Wednesday dramatically approved a last-minute amendment to legislation that accelerated the...more
On Friday, the California Attorney General issued the final implementing regulations for the California Consumer Privacy Act (CCPA). The final regulations—which had been under review by the California Office of Administrative...more
8/18/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law Judges (OALJ) ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
State and Local Government
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
7/23/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On June 1, The California Attorney General (CA AG) submitted the final text of the CCPA regulations to the California Office of Administrative Law (OAL) for approval. ...more
6/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Businesses spent the latter months of 2019 working hard to prepare for the January 1, 2020 implementation of the California Consumer Privacy Act (CCPA). ...more
5/7/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On March 11, the Word Health Organization officially characterized the coronavirus (COVID-19) outbreak as a pandemic. During the outbreak, many employers around the world are seeking to prioritize the well-being and safety of...more
3/16/2020
/ Business Continuity Plans ,
Business Interruption ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cybersecurity ,
Data Protection ,
Emergency Management Plans ,
Infectious Diseases ,
Information Security ,
Malware ,
Policies and Procedures ,
Popular ,
Public Health ,
Risk Management
On March 11, The California Attorney General (CA AG) released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act (CCPA)....more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Right to Delete ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On October 10, California Attorney General Xavier Becerra (CA AG) released proposed regulations to implement certain provisions of the California Consumer Privacy Act (CCPA). The CA AG also released a Notice of Proposed...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Information Sharing ,
Non-Discrimination Rules ,
NPRM ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding...more
8/8/2019
/ Biometric Information ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Cuomo ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Security Standards ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes