DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
by Becky Achten New guidance from the Employee Benefits Security Administration (EBSA) affirms that both sides—retirement plans and welfare plans—must take steps to secure participant data from cybercrime. In 2021 the...more
The Personal Information Protection Act ("PIPA") comes into full force on 1 January 2025. All organisations in Bermuda are expected to be in compliance with it by that date – time is running out! The Privacy Commissioner...more
On February 21, 2024, California Attorney General Rob Bonta ("Cal AG") announced that his office reached a settlement with DoorDash, the food delivery service company, for violating the California Consumer Privacy Act...more
On February 1, the Federal Trade Commission (FTC or “the Commission”) announced that it had reached a settlement with Blackbaud, a software company, resolving claims related to a 2020 data breach that resulted in the...more
With the first month of 2024 now behind us, it is time for organizations to start seriously considering key comprehensive state data privacy compliance obligations for 2024. In total, seven states passed data privacy laws...more
Keypoint: The past two months have seen many courts dismiss privacy claims as judges appear to be more critical of plaintiffs’ theories while other judges have allowed cases to proceed past the motion to dismiss stage....more
Personal information from federal lawmakers and congressional staff members was available on the dark web following a breach of DC Health Link, the health insurance marketplace for Washington, D.C. In an internal memo sent to...more
With only four months left before most changes to the federal Standards for Safeguarding Customer Information (“Safeguards Rule”) – a component of the Gramm-Leach Bliley Act (“GLBA”) that provides for the protection of...more
The ability to verify compliance with applicable law, notice and opt-out requirements for subcontractors, and flowing through data minimization principles are key requirements under new US state data protection laws. As...more
The Office of the Privacy Commissioner of Canada (OPC) recently released findings stemming from a customer complaint that Home Depot of Canada (Home Depot) had violated the Personal Information Protection and Electronic...more
Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators. With new US state data protection laws taking...more
In a revised opinion issued September 8, 2022, an en banc panel of the Eleventh Circuit Court of Appeals reversed last year’s controversial opinion which potentially spelled trouble for debt collectors utilizing third-party...more
Hackers have increasingly focused on third-party vendors as avenues to data held by associated businesses. On August 25, 2022, DoorDash announced that it had experienced a data breach which impacted the personal...more
On August 24, 2022, California Attorney General (“CA AG”) Rob Bonta announced a settlement with Sephora USA, Inc. that includes a $1.2 million fine—the first monetary penalty imposed under the CCPA. The settlement also...more
American Data Privacy and Protection Act would require organizations to limit collection of personal information, grant consumers access to their own data, enhance data protections for children, mandate implementation of...more
Keypoint: The California Privacy Protection Agency issued a first set of draft regulations that contain a number of notable provisions but do not address all of the CPRA’s rulemaking topics....more
The latest update surrounding Hunstein v. Preferred Collection and Management Services, Inc., Case No. 19-14434 centers not on the Eleventh Circuit or the Hunstein decision itself but on the district courts nationwide that...more
Since 2018, a consistent stream of newly adopted privacy laws and other regulatory developments (such as GDPR, CCPA, Schrems II, and the new EU Standard Contractual Clauses) has required companies to make regular updates to...more
The Eleventh Circuit Court of Appeals has issued its ruling on the motion for rehearing in Hunstein v. Preferred Collection and Management Services, Inc., Case No. 19-14434 but most of the troublesome aspects of the Court’s...more
On October 27, 2021, the Federal Trade Commission (FTC) announced a newly updated rule under the Gramm-Leach-Bliley Act (GLBA) intended to require financial institutions to strengthen their data security safeguards to protect...more
In a surprise to many, an arguably rogue panel of the U.S. Court of Appeals for the Eleventh Circuit has now reaffirmed its earlier decision from Hunstein v. Preferred Collection, 994 F.3d 1341, holding that (1) a plaintiff...more
In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and...more
Data breaches by large companies have been in the news for some time. Over the last several years several companies, including Marriott, Yahoo and Volkswagon, have been victimized by hackers who have broken into a company’s...more
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”)...more
It’s been, as the song goes, a long, long time coming. In April, the Department of Labor issued its first ever formal cybersecurity guidance for retirement plan sponsors and retirement plan fiduciaries, and for the service...more