The recent hack against FireEye and the U.S. Treasury and Commerce Department affected SolarWinds software for other clients as well (not limited to the U.S. government). SolarWinds has confirmed a cyberattack to its systems...more
Today, July 16, 2020, the EU’s top court, the Court of Justice of the European Union (CJEU), issued its highly anticipated decision in the Schrems II case. In doing so, CJEU has invalidated the EU-US Privacy Shield Framework...more
As the CCPA enforcement date of July 1, 2020 approaches next week, California privacy rights were already on the minds of many businesses. However, just as organizations wrap up month and year-long projects to address those...more
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. CCPA can apply to businesses even if they do not have offices or employees in California. It can...more
This is one of several client alerts in a series counting down to the date when CCPA applies (Almost 1 month to go) -
The California Consumer Privacy Act (CCPA) takes effect for businesses January 1, 2020. Don’t wait to...more
11/27/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Data Sellers ,
Employee Privacy Rights ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Information ,
Privacy Laws ,
Public Comment ,
Website Owner Liability
This is one of several client alerts in a series counting down to the CCPA effectuation date.
Don’t wait to implement your California Consumer Privacy Act (“CCPA”) compliance mechanisms as changes to your operations may be...more
10/24/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Processors ,
Data Protection ,
Online Safety for Children ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Right to Delete ,
State Data Breach Notification Statutes
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. As a reminder, the CCPA takes effect January 1, 2020 and can apply to businesses even if they do...more
9/19/2019
/ Amended Legislation ,
B2B Organizations ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Fair Credit Reporting Act (FCRA) ,
Governor Newsom ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
If your company holds or collects data in the US, the UK and elsewhere in the EU, you should be mapping out how data flows through those jurisdictions in anticipation of the UK “crashing out” of the European Union in October,...more
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. CCPA can apply to businesses even if they do not have offices or employees in California. It can...more
8/2/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete
Five things schools, colleges and universities can do this summer to address data privacy and protect against cybersecurity threats.
Consider these five steps during your summer break to address the protection of...more
7/19/2019
/ Chief Information Security Officer (CISO) ,
Colleges ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Educational Institutions ,
Hackers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Universities ,
Vendor Contacts
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance. California’s new privacy law goes into effect January 1, 2020. Consumer lawsuits are expected to follow shortly after implementation. CCPA can...more
Oregon amended its data breach notice statute (ORS §§ 646A.600 – 646A.628) on May 24, 2019. Beginning January 1, 2020, Oregon will be the first state to explicitly require vendors to notify the attorney general about data...more
The California State Assembly has passed several amendments to the California Consumer Privacy Act (CCPA) this legislative session. Among the total of four CCPA amendments that were passed in the Assembly this week, two have...more
6/3/2019
/ Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Customer Information ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
E-Commerce ,
Employer Liability Issues ,
Employment Litigation
According to the highest court in the state, Georgia state government does not have an inherent obligation to protect citizens’ personal or sensitive data like social security numbers or status on the unemployment rolls. This...more
Most of the reaction to Donald Trump’s sweeping new Executive Order, declaring a national emergency to combat “the ability of foreign adversaries to create and exploit vulnerabilities in information and communications...more
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. CCPA can apply to businesses even if they do not have offices or employees in California. It can...more
California’s Consumer Privacy Act (CCPA) will go into effect on January 1, 2020. CCPA can apply to businesses even if they do not have offices or employees in California. For-profit businesses that collect or use personal...more
Privacy Shield participants must update their privacy notices by March 29, 2019 (if the UK crashes out of the EU then with no deal) to continue to rely on the Privacy Shield for UK to US transfers post-Brexit. Privacy Shield...more
3/19/2019
/ Corporate Counsel ,
Data Protection ,
Data Protection Authority ,
EU-US Privacy Shield ,
International Data Transfers ,
No-Deal Brexit ,
Personal Data ,
Privacy Policy ,
Swiss Privacy Shield ,
UK Brexit ,
Withdrawal Agreement
And if you are collecting, storing or using biometric information of any Parrotheads, you may end up being the only bait in town. A bill to create the Florida Biometric Privacy Act was just introduced in the Sunshine State...more
Illinois, the only state with a statute allowing private actions for unconsented collection of biometric readings, has made plaintiff recovery significantly easier, and defending such cases significantly harder....more
Canada now follows the US trend to require reporting of personal data exposures. Beginning November 1, 2018, a change in the law will require companies subject to Canada’s federal data protection laws to report data breaches...more
The new California Consumer Privacy Act is not the only California privacy law that companies will have to prepare for in 2019. Beginning on January 1, 2020, California will also require a manufacturer of a “connected device”...more
10/10/2018
/ California Consumer Privacy Act (CCPA) ,
Connected Items ,
Data Collection ,
Data Security ,
Governor Brown ,
Internet ,
Internet of Things ,
Manufacturers ,
New Legislation ,
Private Right of Action ,
Smart Devices ,
Software
In July, we published a client alert answering key questions about the CCPA. However, state lawmakers have made additional changes to the law since then. Below is an updated overview showing the amendments in bold...more
9/7/2018
/ Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (“CCPA”). CCPA, unlike any other law, requires companies to honor specific privacy rights of California consumers granted under CCPA....more
7/3/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
Governor Brown ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Privacy Laws ,
Private Right of Action ,
Right to Be Forgotten ,
State and Local Government
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
5/3/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information