Elizabeth Harding at Polsinelli

California’s Amended Data Broker Registration Law

In October 2023, California Governor Gavin Newsom signed Senate Bill (S.B.) 362 into law, amending California’s data broker registration law. By January 31, 2024, qualifying data brokers must register with the California...more

1/18/2024 / California , California Consumer Privacy Act (CCPA) , California Privacy Protection Agency (CPPA) , Consumer Privacy Rights , Cybersecurity , Data Brokers , Data Collection , Data Privacy , Data Protection , New Legislation , Registration Requirement , Regulatory Requirements

Generative AI’s ‘Industry Standards’ for Cybersecurity and Data Privacy Could be Here Sooner Rather than Later

AI may be both the most “powerful capability of our time” and the “most powerful weapon of our time." That’s according to Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency, when interviewed...more

7/26/2023 / Artificial Intelligence , Cybersecurity , Data Management , Data Privacy , Data Security , Federal Trade Commission (FTC) , Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) , Innovative Technology , Machine Learning , Personal Information , Security Standards

Will a New Wave of Lawsuits Roll Into a Nationwide Tsunami? Wiretapping Litigation for Website Analytics

2022 has seen a new wave of class action lawsuits targeting companies that use technology to track consumers’ interfaces on their websites. These lawsuits generally allege that the use of technologies such as session replay...more

4/3/2023 / Bots , Data Collection , Data Privacy , Electronic Communications , Electronic Monitoring , Health Insurance Portability and Accountability Act (HIPAA) , PHI , Popular , Risk Mitigation , Third-Party Service Provider , Website Owner Liability , Websites , Wiretap Act , Wiretapping

EU Cyber Resilience Act

On September 15, 2022, the European Commission published its Proposal for a Cyber Resilience Act (CRA) which sets out new requirements for hardware and software products in the EU. The CRA applies to hardware and...more

10/31/2022 / Cybersecurity , Data Privacy , Data Protection , ENISA , EU , EU Data Protection Laws , Hardware , Proposed Regulation , Regulatory Agenda , Regulatory Requirements , Software , Vulnerability Assessments

CPRA and Employee Data – What Businesses Need to Know

The California Privacy Rights Act (“CPRA”) comes into force on January 1, 2023, and will amend and extend the privacy rights under the California Consumer Privacy Act (“CCPA”). Assuming no further applicable extensions or...more

8/31/2022 / California , California Consumer Privacy Act (CCPA) , California Privacy Rights Act (CPRA) , Corporate Counsel , Data Collection , Data Management , Data Protection , Employee Privacy Rights , Employees , Employer Liability Issues , Regulatory Requirements

Five Immediate Steps to Take in Preparation for China’s New Comprehensive Privacy Law

China has recently joined the list of countries that have adopted the world’s strictest data-privacy laws. Given China’s desirability as both a market for and a source of data, companies worldwide have started making early...more

11/2/2021 / China , Consumer Privacy Rights , Corporate Counsel , Data Privacy , Data Processors , Data Protection , Data Security , Extraterritoriality Rules , International Data Transfers , Personal Information , Personal Information Protection Law (PIPL) , Regulatory Reform , Regulatory Requirements

The Privacy Survival Guide - August 2021

Virginia recently adopted a GDPR-inspired comprehensive data protection law for Virginia residents. What Are the Main Points Covered by Virginia’s Consumer Data Protection Act (CDPA)? ...more

8/9/2021 / 21st Century Cures Act , Biometric Information , Biometric Information Privacy Act , CDPA , Consumer Privacy Rights , Critical Infrastructure Sectors , Cybersecurity , Data Collection , Data Localization Law , Data Privacy , Data Protection , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Privacy Rule , HIPAA Security Rule , Information Blocking Rules , New Legislation , Personal Data

Colorado Privacy Bill Moves Closer to Becoming Law

On May 26, 2021, the Colorado State Senate unanimously passed the Colorado Privacy Act bill (CPA) through the state Senate. On June 7, 2021, the Colorado House passed the CPA (by a vote of 57-7). ...more

6/16/2021 / Consumer Privacy Rights , Cybersecurity , Data Collection , Data Management , Data Privacy , Data Protection , Personal Data , Proposed Legislation , Regulatory Agenda , Rulemaking Process , State and Local Government

New EU Standard Contractual Clauses for International Transfers

The European Commission has published its new Standard Contractual Clauses (“SCCs”) for international transfers of personal data. We have pulled out a few key questions and answers to address immediate issues...more

6/7/2021 / Data Protection , EU , General Data Protection Regulation (GDPR) , International Data Transfers , Personal Data , Popular , Schrems I & Schrems II , Standard Contractual Clauses

New Colorado Privacy Act

Like Virginia and Washington before it, on March 19, 2021, Colorado introduced a data privacy bill, the Colorado Privacy Act (CPA). As currently drafted, the CPA would be similar to other U.S. state privacy laws, including...more

4/7/2021 / Consumer Privacy Rights , Cybersecurity , Data Collection , Data Management , Data Privacy , Data Protection , Information Governance , New Legislation , Opt-Outs , Personal Data , Personally Identifiable Information , Regulatory Requirements , State and Local Government

New Virginia Privacy Bill

Any day now, Virginia will likely become the second state, behind California, to adopt a GDPR-inspired comprehensive data protection law for Virginia residents....more

2/16/2021 / California Privacy Rights Act (CPRA) , Consumer Privacy Rights , Cybersecurity , Data Management , Data Protection , General Data Protection Regulation (GDPR) , Information Governance , Legislative Agendas , Personal Data , Personally Identifiable Information , Popular , Regulatory Agenda , Sensitive Personal Information , State and Local Government

Tech Transactions & Data Privacy 2021 Report

As we bid farewell to 2020 and look toward the uncharted territory of 2021, it is hard not to take inventory of all that has changed in such a short period. No one at the beginning of 2020 would have predicted what transpired...more

1/26/2021 / Artificial Intelligence , California Consumer Privacy Act (CCPA) , Communications Decency Act , Contact Tracing , COPPA , Cybersecurity , Data Privacy , Data Protection , DMCA , Employee Monitoring , FERPA , General Data Protection Regulation (GDPR) , Health Insurance Portability and Accountability Act (HIPAA) , Personal Data , Personally Identifiable Information , Ransomware , Van Buren v United States

New EDPB Guidance on International Transfers Following Schrems II

On November 10, the European Data Protection Board (“EDPB”) released its “Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data” (the...more

11/17/2020 / Corporate Counsel , Cybersecurity , Data Protection , EU , European Data Protection Board (EDPB) , General Data Protection Regulation (GDPR) , International Data Transfers , Personal Data , Popular , Schrems I & Schrems II , Standard Contractual Clauses

CPRA – What This Means for Your Business

On November 3, 2020, Californians voted to pass Proposition 24, which modifies and expands the California Consumer Privacy Act (“CCPA”), which came into force on January 1 of this year. The new California Privacy Rights Act...more

11/10/2020 / California Consumer Privacy Act (CCPA) , California Privacy Rights Act (CPRA) , Consumer Privacy Rights , Cybersecurity , Data Collection , Data Management , Data Privacy , Data Sellers , Data-Sharing , Information Governance , Personal Data , Personally Identifiable Information , Popular , State and Local Government

H&M Fined 37.8 Million Dollars for Alleged GDPR Violations

What Happened? On October 1, 2020, the Hamburg Data Protection Commissioner (“Hamburg DPA”) fined clothing retailer H&M 37.8 million dollars (EURO 35.2 million) for several violations of the GDPR....more

10/14/2020 / Data Breach , Data Collection , Data Management , Data Protection , Data Retention , Enforcement Actions , EU , General Data Protection Regulation (GDPR) , H&M , Personal Data , Retailers

Client Update: H&M Fined 37.8 Million Dollars for Alleged GDPR Violations

What Happened? On October 1, 2020, the Hamburg Data Protection Commissioner (“Hamburg DPA”) fined clothing retailer H&M 37.8 million dollars (EURO 35.2 million) for several violations of the GDPR....more

10/13/2020 / Corporate Counsel , Data Collection , Data Management , Data Protection , Data Retention , Enforcement Actions , EU , General Data Protection Regulation (GDPR) , H&M , Personal Data , Retailers

U.S.-EU Privacy Shield Invalidated by CJEU

Yesterday, the Court of Justice of the EU (“CJEU”) issued a judgment with two important outcomes: (1) invalidation of the U.S.-EU Privacy Shield as a basis for transfers of personal data from the EU to the U.S.; and (2)...more

7/17/2020 / Court of Justice of the European Union (CJEU) , EU , EU-US Privacy Shield , Facebook , International Data Transfers , Ireland , Personal Data , Schrems I & Schrems II , Standard Contractual Clauses , Surveillance

Reopening the Economy and Getting Back to Business: Privacy Concerns with Health Data Collection and Contact Tracing

As we continue our series on steps business owners should take to mitigate the risk of reopening, it is clear from the guidance that has been issued by several states that effective screening and contact tracing are issues...more

5/15/2020 / California Consumer Privacy Act (CCPA) , Contact Tracing , Coronavirus/COVID-19 , Cybersecurity , Data Collection , Data Privacy , Data Protection , Data-Sharing , European Data Protection Board (EDPB) , General Data Protection Regulation (GDPR) , Privacy Concerns , Re-Opening Guidelines , Screening Procedures

Federal Privacy Legislation Update: Consumer Data Privacy and Security Act of 2020

On March 13, 2020, Senator Jerry Moran (R-Kansas), Chairman of the Senate Commerce Subcommittee on Consumer Protection, introduced the “Consumer Data Privacy and Security Act of 2020” (the “CDPSA”). The CDPSA joins several...more

3/16/2020 / Administrative Authority , Consumer Protection Laws , Cybersecurity , Data Management , Data Protection , Federal Trade Commission (FTC) , Legislative Agendas , Personal Data , Preemption , Private Right of Action , Proposed Legislation , Rulemaking Process , Small Business

Modifications to CCPA Proposed Regulations Released by California Attorney General

On February 7, 2020, and again on February 10, 2020, California Attorney General Xavier Becerra released modified proposed regulations (“Modified Proposed Regulations”) to the California Consumer Privacy Act of 2018, Cal....more

Five Key Takeaways from the Long-Awaited CCPA Regulations

The California Consumer Privacy Act of 2018 (“CCPA”) established new privacy rights for California consumers but left many unanswered questions on how businesses should implement the new obligations imposed on them. ...more

10/16/2019 / California Consumer Privacy Act (CCPA) , Consumer Contracts , Consumer Privacy Rights , Corporate Counsel , Cybersecurity , Data Collection , Data Management , Data Privacy , Data Protection , Digital Service Providers , Opt-Outs , Personal Data , Personally Identifiable Information , Privacy Laws , Proposed Regulation , Regulatory Agenda , Rulemaking Process , State and Local Government

Nevada Consumers Can Now Opt-Out of a Sale of Personal Information

On May 29, 2019, Nevada Governor Steve Sisolak signed into law Senate Bill 220 (SB 220), which allows a Nevada consumer to “opt-out” of the sale of his or her personal information to a third party. ...more

6/6/2019 / California Consumer Privacy Act (CCPA) , Consumer Protection Laws , Data Collection , Data-Sharing , General Data Protection Regulation (GDPR) , New Legislation , Opt-Outs , Personal Data , Personally Identifiable Information , State and Local Government , State Data Breach Notification Statutes , Third Party Purchaser (TPP)

California Assembly’s Privacy Committee Advances CCPA Employee Carve-Out

On March 25, 2019, California Assembly Member Ed Chau introduced Assembly Bill 25 (AB 25) to amend the definition of “consumer” under the California Consumer Privacy Act of 2018 (CCPA) set to take effect on January 1, 2020....more

4/26/2019 / California Consumer Privacy Act (CCPA) , Carve Out Provisions , Consumer Privacy Rights , Data Collection , Data Privacy , Data Protection , Employee Privacy Rights , Legislative Agendas , Personal Data , Personally Identifiable Information , Privacy Laws , Proposed Legislation

Criminal Record Checks Under the GDPR: An Employer’s Guide.

Does the General Data Protection Regulation (GDPR) allow employers to undertake routine criminal record checks on staff? As with many things GDPR, the answer is more complicated than one would expect....more

12/20/2018 / Corporate Counsel , Criminal Background Checks , Employment Discrimination , General Data Protection Regulation (GDPR) , Hiring & Firing , Job Applicants , Member State , Personal Data , Screening Procedures , UK , Vetting

New Guidelines on GDPR’s Territorial Scope

The European Data Protection Board (“EDPB”) recently released Guidelines 3/2018 on the territorial scope of the GDPR (Article 3). ...more

11/28/2018 / Cybersecurity , Data Protection , EU , European Data Protection Board (EDPB) , General Data Protection Regulation (GDPR) , International Data Transfers , New Guidance , Personal Data , Popular , Public Comment , Regulatory Oversight , Regulatory Requirements

Elizabeth Harding

Polsinelli

Popular Topics by This Author

Latest Publications