There are many similarities between the Colorado Privacy Act (ColoPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data privacy Act (VCDPA), and Europe’s GDPR,...more
7/15/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Protection ,
Data Subjects Rights ,
Enforcement Authority ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Jurisdiction ,
Personal Data ,
Sensitive Personal Information ,
Standard Contractual Clauses ,
State Privacy Laws ,
Statutory Violations
While there are efforts afoot to broaden the impact and reach of US law on hackers, particularly with the US Department of Justice (the DOJ) planning to coordinate ransomware attack investigations with similar protocols it...more
Amidst the ever-worsening onslaught of cyberattacks, companies are longing to go on the offensive, whether by “hacking-back” or by going after malicious actors in United States courts. While Congress has previously refused to...more
Updata is an international report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity regulatory and legal developments from the...more
3/11/2021
/ California Consumer Privacy Act (CCPA) ,
China ,
Coronavirus/COVID-19 ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Privacy ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Hong Kong Monetary Authority (HKMA) ,
Popular ,
Schrems I & Schrems II ,
State Privacy Laws ,
Surveillance ,
Virus Testing
On March 2, 2021, Governor Northam signed the Virginia Consumer Data Protection Act (CDPA or the Act) making it the country’s second comprehensive data privacy legislation following California’s Consumer Protection Act of...more
3/5/2021
/ California Consumer Privacy Act (CCPA) ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Acts ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Governor Northam ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
State Data Privacy Laws
On the 10 February 2021, ambassadors in the Council of the European Union Permanent Representatives Committee (COREPER) announced it had agreed a negotiating mandate on a draft ePrivacy Regulation (“the ePrivacy Regulation”)....more
In a closely watched decision, the US Court of Appeals for the First Circuit confirmed the government’s expansive authority to search cell phones, laptops, and other electronic devices at the border. On February 9, 2021, the...more
2/19/2021
/ Appeals ,
Border Searches ,
Customs and Border Protection ,
Department of Homeland Security (DHS) ,
Electronic Devices ,
Fourth Amendment ,
Immigration and Customs Enforcement (ICE) ,
Mobile Devices ,
National Security ,
Reasonable Suspicion ,
Search & Seizure ,
Search Warrant
It was a tumultuous year for privacy and cybersecurity, and further uncertainty is all but guaranteed. The key to navigating this volatility, as 2020 proved, is to develop and maintain a proactive, agile and holistic data...more
2/10/2021
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cryptocurrency ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
NAIC ,
Popular
On December 18, 2020, the Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking (NPRM) to establish new requirements for convertible virtual currency (CVC) and legal tender digital asset (LTDA)...more
The massive SolarWinds security breach, which affected not only the private sector, but federal, state and local governments, has caused some to question whether to share data with the government. On Friday, December 18, the...more
As tens of billions of additional Internet of Things (IoT) devices are poised to enter the market and infuse our supply chains, on December 4, 2020, President Donald Trump signed the first-ever federal law governing IoT...more
Working from home since the onset of the pandemic, you check your social media on a work laptop, in violation of your company’s Acceptable Use Policy. Have you just committed a federal crime?...more
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA), by approximately 56-44%. This act will amend and supersede the still recent California Consumer Privacy Act (CCPA), once...more
11/10/2020
/ Administrative Agencies ,
Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Cybersecurity ,
Enforcement Authority ,
Minors ,
New Legislation ,
Opt-Outs ,
Personal Information ,
Popular ,
Private Right of Action ,
Sensitive Personal Information
Hopes that privacy regulators and litigants would grant a reprieve to businesses during the COVID-19 pandemic may prove ill-founded. On July 21, 2020, the New York Department of Financial Services announced its first...more
If your company, like many other US insurance companies, has an EU or UK affiliate or parent, and you transfer personal data to the US, including employee data or even data of US persons, or if your trusted service providers...more
If you transfer personal data from the EU/UK to countries which lack a so-called “adequacy” determination, like the US or India, or if your trusted service providers do, the Schrems II European Court decision has seismic...more
8/6/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On July 30, 2020, the Financial Crimes Enforcement Network (FinCEN) released an advisory that signals its focus on cybercrime arising from vulnerabilities potentially created by the COVID-19 pandemic. The “Advisory on...more
If you transfer data from the EU to the US, or if your trusted service providers do, the Schrems II European Court decision1 has seismic significance - even if you do not rely on Privacy Shield.
On July 16, 2020, the Court...more
7/29/2020
/ Binding Corporate Rules ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
According to one blockchain and cryptocurrency security firm, this year is on pace to be the second highest in cryptocurrency theft, hacking and fraud, with January through May 2020 already seeing $1.36 billion stolen in...more
6/10/2020
/ Bank Secrecy Act ,
Bitcoin ,
Blockchain ,
Cryptocurrency ,
Enforcement Actions ,
Fraud ,
Hackers ,
Misappropriation ,
Money Laundering ,
Money Services Business ,
OCC ,
Theft
On May 5, 2020, the NAIC’s Privacy Protections (D) Working Group met via conference call. The Working Group was formed on October 1, 2019, under the Market Regulation and Consumer Affairs (D) Committee on a referral from...more
Many general counsels, as well as their privacy and cybersecurity teams, are understandably focused on their company’s coronavirus safety measures - and that is good news to the hackers.
Hackers thrive amidst confusion and...more
In the scramble to come into compliance before the January 1, 2020 deadline, companies may have overlooked a key - and potentially costly - requirement in the California Attorney General draft regulations to the California...more
On February 10, 2020, the California Attorney General published revisions to the proposed regulations (Revised Regulations) to implement the California Consumer Privacy Act of 2018 (CCPA). The changes largely clarify and...more
With companies increasingly worried about what the California Attorney General, and private litigants, will do once the California Consumer Privacy Act comes into effect, they should not lose sight of what the Federal Trade...more
In the run-up to January 1, 2020, the California legislature and Attorney General are rushing to provide clarity to the California Consumer Privacy Act of 2018 (CCPA) - and businesses are rushing to interpret and implement...more
11/18/2019
/ Amended Legislation ,
Anti-Discrimination Policies ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Deletion ,
Data Privacy ,
Data Security ,
E-Commerce ,
Fair Credit Reporting Act (FCRA) ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Proposed Amendments ,
State Data Breach Notification Statutes ,
Subject Access Request (SAR)