The California attorney general has created a tool for consumers to report situations where companies sell information but do not have an opt-out of sale link on their website. The release of the tool came at the same time as...more
The FTC recently announced the removal of Aristotle International, Inc. from the list of seven approved safe harbor programs under the Children’s Online Privacy Protection Act. Programs that are approved by the FTC must place...more
Colorado recently joined Virginia and California in passing a more comprehensive privacy law. The Colorado Privacy Act (CPA) will go into effect July 1, 2023. This is six months after Virginia’s law (CDPA) and California’s...more
7/14/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Consumer Privacy Rights ,
Data Protection ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Liability ,
New Legislation ,
Privacy Laws ,
State and Local Government
The New York State Department of Financial Services recently announced new guidance addressing ransomware attacks, and highlighting cybersecurity measures to significantly reduce the risk of an attack. The guidance comes as...more
7/13/2021
/ Confidential Information ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
FBI ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
New Guidance ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Supply Chain
The Portuguese data protection authority issued a recent resolution ordering the Portuguese National Institute of Statistics (or INE) to stop sending personal census information to any countries outside of the EU that do not...more
In a notable application of the European Court of Justice’s “Schrems II” decision, the data protection authority for the German state of Bavaria recently held that use by a German entity of US-based MailChimp (which use...more
As the first quarter of 2021 comes to a close, cyberattacks are only gaining momentum. As we reported last month, these attacks have become big business for threat actors, and companies are working hard to be prepared. Taking...more
To round out this series on right-sizing a privacy program, our last stop is thinking about the impact of working with third parties. There are many legal requirements to assess and/or to address in third party contracts when...more
1/29/2021
/ Business Development ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Standard Contractual Clauses ,
Strategic Planning ,
Third-Party
As mentioned in the prior post in this series, a strategically developed privacy program can help support companies in a rapidly changing legislative and enforcement environment. As part of taking a strategic approach,...more
Later this week, January 28, 2021 will mark International Privacy Day: a day corporations release educational efforts around privacy and data protection. There are many reasons to approach privacy proactively in 2021: (1)...more
The travel giant Sabre Corp. has reached an agreement with multiple State Attorneys General to pay $2.4 million and make certain changes in its cybersecurity policies to settle a multi-state investigation into a 2017 data...more
1/5/2021
/ Credit Cards ,
Customers ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Investigations ,
Online Marketplace ,
Online Payments ,
Online Platforms ,
Settlement ,
State Attorneys General
Many in the world have been watching the Brexit deal closely, including privacy lawyers and others who deal with global data transfers. Under the recently-announced deal, a temporary solution will allow companies to continue...more
12/29/2020
/ Cross-Border Transactions ,
Data Protection ,
Data Transfers ,
EU ,
European Economic Area (EEA) ,
Exceptions ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
UK ,
UK Brexit
As 2020 comes to a close, we take this opportunity to look back at some of the more significant developments that we discussed in the blog this year. The first is the EU Court of Justice’s Schrems II decision, finding that...more
By ballot initiative, California residents recently approved Proposition 24, or the California Privacy Rights Act (CPRA), with approximately 56 percent voting in favor. CPRA significantly amends the CCPA by expanding...more
By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would...more
Late this summer the New York Department of Financial Services (NYDFS) announced its first enforcement action since the cybersecurity rules went into effect in March 2017. The action was brought against First American Title...more
9/24/2020
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Financial Services Industry ,
First American Title Insurance Co. ,
Internal Investigations ,
Non-Public Information ,
NYDFS ,
Popular ,
State Attorneys General
In a much anticipated ruling, this month the Swiss Data Protection Authority concluded that the EU-US Swiss Privacy Shield was no longer an adequate method for transferring personal information from Switzerland to the US. In...more
Companies who transfer data from the EU to the U.S. are struggling to determine the appropriate basis under which they can make these transfers. Continuing our examination of the outcome of this decision, we think now about...more
On July 16, 2020, in the case colloquially known as “Schrems II,” the Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield, finding it an invalid mechanism for transferring data from the EU to...more
On June 1, 2020, the California AG submitted the final text of the proposed CCPA regulations to the Office of Administrative Law (OAL). There were no changes to the final text from the last version released in March, which we...more
On March 11, 2020, the second set of modifications (or the third version) of the CCPA draft regulations were released. While the number of substantive changes dwindled in this version, there are a number of drafting...more
During their COVID-19 preparations, companies are dusting off -and deploying- their business continuity plans. Also worth revisiting are incident response plans. Teams working remotely, if faced with a data breach, will still...more
The European Data Protection Board recently requested comments on its data protection “by design and default” guidelines. Comments are due by mid-January of next year. The Guidelines provide clarity about how to address...more
The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to...more
The FTC recently settled with Infotrax Systems, L.C. a technology company providing software to the direct sales industry. The settlement followed a breach suffered by the company, and involved allegations the company had...more
11/21/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Software Developers ,
Technology Sector