Artificial intelligence continues to remain a focus in 2021, as we predicted at the start of the year. From the FTC, to the EU, to others, regulators of all kinds are paying attention to companies’ use of these tools. In the...more
4/6/2021
/ Artificial Intelligence ,
Business Strategies ,
Cybersecurity ,
Data Privacy ,
Data Security ,
FDIC ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Popular ,
Public Comment ,
Regulatory Requirements
To round out this series on right-sizing a privacy program, our last stop is thinking about the impact of working with third parties. There are many legal requirements to assess and/or to address in third party contracts when...more
1/29/2021
/ Business Development ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Standard Contractual Clauses ,
Strategic Planning ,
Third-Party
An effective privacy program takes into account legal requirements and litigation risk. While this series advocates for starting with strategy and designing a customized approach, this does not mean that legal obligations and...more
One of the biggest difficulties companies may face for effective privacy program implementation arises if they neglect strategy and focus only on the law. Namely, developing policies and procedures that mention legal...more
As we reach the end of January 2021, it is becoming increasingly clear that this will be a busy year in the areas of privacy and data security. Following up on our posts discussing some of the important trends from last year,...more
The HHS Office for Civil Rights released, at the end of last year, findings from audits it conducted in 2016 and 2017 of 166 covered entities and 41 business associates. The report represents the periodic audit that the...more
Apple has launched, in connection with other privacy changes in iOS 14, a requirement for privacy “nutrition labels.” The labels are required for new and existing apps, and are in addition to the existing requirement of...more
12/1/2020
/ Apple ,
Cell Phones ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
iPhone Tracking ,
Mobile Apps ,
Mobile Devices ,
Nutrition Facts Labels ,
Privacy Policy ,
Questionnaires ,
Third-Party ,
UDAAP
One of the methods US and EU companies rely on most frequently for the transfer of personal data from the EU to the US is standard contractual clauses. For the method to be acceptable as a valid basis for transfer of...more
12/1/2020
/ Consumer Privacy Rights ,
Data Privacy ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Privacy Laws ,
SCC ,
Standard Contractual Clauses
By ballot initiative, California residents recently approved Proposition 24, or the California Privacy Rights Act (CPRA), with approximately 56 percent voting in favor. CPRA significantly amends the CCPA by expanding...more
In a much anticipated ruling, this month the Swiss Data Protection Authority concluded that the EU-US Swiss Privacy Shield was no longer an adequate method for transferring personal information from Switzerland to the US. In...more
On June 1, 2020, the California AG submitted the final text of the proposed CCPA regulations to the Office of Administrative Law (OAL). There were no changes to the final text from the last version released in March, which we...more
On March 11, 2020, the second set of modifications (or the third version) of the CCPA draft regulations were released. While the number of substantive changes dwindled in this version, there are a number of drafting...more
Many organizations are currently focused on updating their privacy policy to include content required by CCPA. While making those edits, now is a good time to take a step back and think more broadly about privacy program and...more
The Network Advertising Initiative, which provides guidance to advertisers who engage in personalized advertising, updated its Code of Conduct (2020 Code) earlier this year to address, inter alia, data collected offline and...more
The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to...more
The FTC recently settled with Infotrax Systems, L.C., a technology company providing software to the direct sales industry. The settlement followed a breach suffered by the company, and involved allegations the company had...more
11/21/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Software Developers ,
Technology Sector
The California attorney general has released draft regulations for CCPA, giving companies further guidance on a variety of topics. The regulations are in draft, and comments are due to the attorney general’s office by...more
One of the CCPA amendments that has gone to the governor’s desk is AB 1564, which addresses the methods companies must make available to consumers to exercise their rights under CCPA. Businesses which operate exclusively...more
10/4/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Subjects Rights ,
Email ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Toll-Free Numbers ,
Websites
Under GDPR, companies are required to keep certain records of their processing activities. There has been some question about the types of records controllers should keep. To help clarify the questions arising from many...more
9/30/2019
/ CNIL ,
Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
New Guidance ,
Personal Data ,
Recordkeeping Requirements
Effective October 1, 2019, organizations providing health insurance and related services must notify the Maryland Insurance Administration as part of its breach notification requirements.
In August 2019, the Maryland...more
One of the amendments we’ve been watching over the past months is one that impacts the rights of employees, both the company’s and other companies’ employees. Under AB25, which passed the California Senate and is now awaiting...more
As we recently reported, New York’s new SHIELD Act contains data security provisions. It also contains a number of key changes to New York’s existing breach notification obligations. These changes will become effective...more
New York recently passed the SHIELD Act, which, among other things, newly establishes data security requirements for companies that collect private information about New York residents. The data security protections required...more
8/27/2019
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
New Legislation ,
Personally Identifiable Information ,
Policies and Procedures ,
Security Risk Assessments ,
SHIELD Act ,
State Data Breach Notification Statutes
Global corporations will soon have another privacy law acronym to address. In one year (August 2020), Brazil will join the fray with its own general privacy law, the Lei Geral de Proteção de Dados Pessoais (General Data...more
8/21/2019
/ Brazil ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
New Legislation ,
Personally Identifiable Information ,
Privacy Laws