On August 1st, the Hamburg Commissioner for Data Protection and Freedom of Information announced that the Hamburg Data Protection Commission (HDPC) had opened an administrative procedure to prohibit Google from carrying out...more
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. CCPA can apply to businesses even if they do not have offices or employees in California. It can...more
8/2/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete
Last week, the New York State Senate, at the request of the state attorney general, passed the “Stop Hacks and Improve Electronic Data Security Act” (the “Shield” Act). The bill is currently working its way through the New...more
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. CCPA can apply to businesses even if they do not have offices or employees in California. It can...more
Privacy Shield participants must update their privacy notices by March 29, 2019 (if the UK crashes out of the EU then with no deal) to continue to rely on the Privacy Shield for UK to US transfers post-Brexit. Privacy Shield...more
3/19/2019
/ Corporate Counsel ,
Data Protection ,
Data Protection Authority ,
EU-US Privacy Shield ,
International Data Transfers ,
No-Deal Brexit ,
Personal Data ,
Privacy Policy ,
Swiss Privacy Shield ,
UK Brexit ,
Withdrawal Agreement
Tacking an entirely new direction from other US states, Ohio has decided to offer defensive legal protection to businesses who have built a cybersecurity regime around well-known industry standards, even where those...more
11/7/2018
/ Blockchain ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Information Security Modernization Act (FISMA) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NIST ,
Popular ,
Safe Harbors ,
Smart Contracts
You may be paying for cyber insurance that will not cover the most significant cyber risks faced by your business.
Recent studies call into question whether a company can insure against the unprecedented huge fines for...more
9/20/2018
/ Corporate Counsel ,
Cyber Insurance ,
Cybersecurity ,
Data Protection ,
Data Security ,
EU ,
Extraterritoriality Rules ,
Fines ,
General Data Protection Regulation (GDPR) ,
Member State ,
Popular
In July, we published a client alert answering key questions about the CCPA. However, state lawmakers have made additional changes to the law since then. Below is an updated overview showing the amendments in bold...more
9/7/2018
/ Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
Throughout history, people have waged sectarian fights to protect their beliefs. The Europeans, sitting at a crossroads of two major religions charged with converting the unenlightened, have a particularly combative...more
8/16/2018
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
5/3/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
In February 2014 the U.S. National Institute of Standards in Technology (‘NIST’) published the ?rst NIST Cybersecurity Framework, responding to an Executive Order on improving critical infrastructure cybersecurity issued by...more
4/23/2018
/ Cloud Service Providers (CSPs) ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Data Protection Officers (DPOs) ,
Executive Orders ,
Hackers ,
Internet of Things ,
NIST ,
Point of Sale Terminals ,
Popular ,
Public Safety ,
Regulatory Requirements ,
Risk Management ,
Self-Regulatory Organizations ,
Trump Administration
Follow our three-question flowchart to answer the question: “Does GDPR Apply to You?” If “Yes” then you may be required to designate a Data Protection Officer (“DPO”) by May 25, 2018, when the GDPR applies.
Follow our...more
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
Your business may have been victim to the latest ransomware attack, or it may be caught in the next wave.
On May 12, 2017, the “WannaCry” ransomware attack compromised over 70,000 organizations in nearly 100...more
We all know why selecting appropriate data security standards is difficult. No two business are the same. Different businesses have different assets to protect and different bank accounts to tap. Different sized businesses...more
In the third privacy-related enforcement action of the year, the FCC Enforcement Bureau entered into a $595,000 settlement with Cox Communications to resolve an investigation into the company’s loss of customer personal data....more
We leave breadcrumbs of biometric information scattered around our daily lives, which may be collected and used by private entities, often without our knowledge or consent. The sound of your voice when you call your bank’s...more
10/26/2015
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Consent ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Driver's Licenses ,
FERPA ,
New Legislation ,
Parental Consent ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Shutterfly ,
Social Networks ,
Students
A new privacy law requires companies to make specific statements about what information is collected on its website. Like California, it also requires that companies state in writing whether they respect “Do Not Track”...more
10/8/2015
/ Cloud Computing ,
Data Privacy ,
Data Protection ,
Data Security ,
Do Not Track ,
e-Books ,
Marketing ,
Mobile Apps ,
New Legislation ,
Online Privacy Protection Act ,
Online Safety for Children ,
Personally Identifiable Information ,
Popular ,
Prior Express Consent ,
Privacy Policy ,
Third-Party ,
Websites