The new Colorado Privacy Act (CPA) will take effect on July 1, 2023, requiring companies that operate within the state to comply with heightened privacy requirements. Colorado joins several other states with comprehensive...more
Since the implementation of the EU’s General Data Protection Regulation (GDPR), the European Commission’s (EC) approved Standard Contractual Clauses (SCC) have been vital to the transfer of personal data to third countries...more
If the past two years of ramping up compliance for the California Consumer Privacy Act (CCPA) wasn't fun enough, businesses have new compliance challenges ahead in the next couple of years. This past November, California...more
1/22/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Popular
As anticipated by many experts in the field, the data security-focused private right of action under the California Consumer Privacy Act (CCPA) has resulted in claims alleging potential unauthorized access. FinTech data...more
9/23/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
FinTech ,
Health Technology ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Private Right of Action
In a decision issued on July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield Framework, one of the primary tools used by companies in the European Union (EU) to transfer...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Businesses subject to the California Consumer Privacy Act (CCPA) have found themselves in an odd position with respect to their compliance efforts. The CCPA was effective on January 1, 2020 but enforcement will not begin...more
2/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Management ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework...more
1/24/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Privacy ,
Data Protection ,
Data Security ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
NIST ,
Personal Data ,
Popular ,
Privacy Act of 1974 ,
Risk Management
On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (CCPA), which provides what is arguably the most restrictive privacy law in the U.S. and would likely have some effect on most businesses across...more
7/3/2018
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
Companies that routinely collect or process data of European Union residents have likely spent the past couple of years preparing for May 25, 2018. ...more
The European Court of Justice has declared invalid the Safe Harbor data-transfer agreement that has governed EU data flows across the Atlantic for the last 15 years. Thousands of U.S. companies have relied on the Safe Harbor...more
10/23/2015
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Cybersecurity ,
Data Protection Authority ,
Edward Snowden ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
Model Contracts ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
Highly regulated industries such as banking and healthcare have been at the forefront with robust data security regulations for a number of years. Regulators are now focusing on other industries as data breach incidents...more