DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
In 2018, there were two comprehensive state data privacy bills introduced across the United States and a whopping zero were in effect. Fast forward six years and there have been 41 new data privacy bills considered this year...more
New Jersey rang in the new year with the signing of a state privacy bill. On Jan. 16, Gov. Phil Murphy signed SB No. 322, stating he was proud that New Jersey had joined the ranks of states with consumer privacy bills....more
The Office of the Privacy Commissioner of Canada (OPC) recently released findings stemming from a customer complaint that Home Depot of Canada (Home Depot) had violated the Personal Information Protection and Electronic...more
The California Consumer Privacy Act ("CCPA") was enacted in early 2018 as a political compromise to stave off a poorly drafted, and plaintiff’s friendly ballot initiative. Although the CCPA is scheduled to go into force in...more
The European Union’s top court ruled last week that the operator of a Facebook fan page is a “joint controller,” along with Facebook, with respect to personal data collected on such pages. The decision has implications for...more
Yesterday, DHHS’s Office for Civil Rights (OCR) announced a $100,000 settlement with a dissolved medical records moving and storage company in Illinois. This is another example of OCR bringing enforcement actions against a...more
Any entity processing personal data on your behalf (i.e., your vendors) must have a written contract in place. The GDPR requires specific language in your vendor contracts. Review steps 1–4 below to bring your vendor...more
In the online advertising sector, achieving a successful advertising campaign often involves implementing cookies (small files stored on computers or mobile devices that contain information on the user's browsing history),...more
Notice Requirements - The Privacy Shield notice requirements are more specific and detailed than what was required by the Safe Harbor regime. Safe Harbor required a privacy policy to provide information on data...more
The EU Data Protection Directive 95/46/EC (the “Directive”) creates the legal framework for the national data-protection laws in each EU member state. The Directive states that personal data may only be transferred to...more
More than 5,000 companies had taken advantage of the now defunct U.S.-EU Safe Harbor Framework. Those companies are now considering whether to join the newly approved “Privacy Shield,” and are trying to understand the...more