The Colorado Privacy Act (CPA), effective July 1, 2023, provides expansive protections to the personal data of Colorado residents acting in an individual or household context (a “consumer”). Similar to the California Consumer...more
On December 16, 2022, the California Privacy Protection Agency (CPPA) had its final meeting before the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act takes effect on January 1, 2023....more
In June 2022, the California Privacy Protection Agency (CPPA) Board first started discussions about revising the regulations previously released by the California Attorney General....more
On October 21 and 22, the California Privacy Protection Agency (CPPA) Board will meet to discuss possible action regarding the proposed regulations for the California Consumer Privacy Act (CCPA) and California Privacy Rights...more
In July 2020, the Court of Justice of the European Union (CJEU) declared the EU-U.S. Privacy Shield invalid. The EU-U.S. Privacy Shield program was designed to provide European Economic Area (EEA) data transferred to the U.S....more
1. What’s changing?
Under the current version of the California Consumer Privacy Act (“CCPA”), an employer’s obligations related to the personal information it collects from employees, applicants, and contractors residing...more
9/28/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Do Not Sell ,
Employee Rights ,
Job Applicants ,
Notice Requirements ,
Personal Information ,
Privacy Policy
At the start of June, the California Privacy Protection Agency (CPPA), the agency tasked with implementing and enforcing the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA), voted...more
On February 23, 2022, the EU Commission published a Proposal for a Regulation on harmonized rules on the access to and use of data as part of its strategy for making the EU a leader in the data-driven society. The “Data Act”...more
Healthcare companies continue to face increased risks of ransomware attacks on their operations. According to the recently released BD Cybersecurity Annual Report for 2021, such attacks are also increasingly sophisticated....more
2/16/2022
/ Breach Notification Rule ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
FBI ,
Healthcare Facilities ,
Incident Response Plans ,
Popular ,
Ransomware ,
Risk Assessment ,
Risk Management ,
U.S. Treasury
The Massachusetts Information Privacy and Security Act (MIPSA) continues to advance through the state legislative process, and is now before the full legislature. While the Act has several hurdles to clear before becoming...more
2/15/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Data Brokers ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Information ,
Privacy Laws ,
Proposed Legislation ,
Sensitive Personal Information ,
State Attorneys General ,
Third-Party
In the last decade, organizations of varied industries and sizes have heightened their focus on diversity, equity, and inclusion (DEI) initiatives and, since 2020, DEI has become a top priority. COVID-19 pandemic realities,...more
1/28/2022
/ Anti-Discrimination Policies ,
Assessment ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Coronavirus/COVID-19 ,
Data Collection ,
Data Privacy ,
Diversity ,
Diversity and Inclusion Standards (D&I) ,
EEO-1 ,
Equal Employment Opportunity Commission (EEOC) ,
Equity ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Popular ,
Record Retention ,
Schrems I & Schrems II
The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a...more
1/20/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CMIA ,
Consumer Privacy Rights ,
Contractors ,
Cookies ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Covered Business ,
Data Breach ,
Data Deletion ,
Data Privacy ,
Data Protection ,
Do Not Sell ,
For-Profit Corporations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Record Retention ,
Sensitive Personal Information ,
Third-Party
The CCPA has reached the two-year mark. This is a good time for businesses to review the success of their compliance programs, recalibrate for the CCPA’s third year, and gear up for the CPRA’s January 1, 2023 effective...more
Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their...more
11/19/2021
/ Electronic Communications ,
Email ,
Employee Monitoring ,
Employee Privacy Rights ,
Employee Rights ,
Employer Liability Issues ,
Mobile Devices ,
New York ,
Notice Requirements ,
Private Right of Action ,
Written Notice
Globalization, compliance, and the growth in outsourcing have created a myriad of cross-border data transfer scenarios. These scenarios include marketing to and servicing customers, assessing global compliance with diversity...more
The EU Commission is expected to adopt the long awaited updated Standard Contractual Clauses (“SCCs”) on June 4, 2021. In the wake of the Schrems II decision invalidating the EU-U.S. Privacy Shield, the SCCs have played an...more
The SolarWinds hack highlights the critical need for organizations of all sizes to include cyber supply chain risk management as part of their information security program. It is also a reminder that privacy and security...more
5/7/2021
/ CDPA ,
Contact Tracing ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Risk Management ,
SolarWinds ,
Third-Party ,
Vendors
The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that...more
For the past several years, thousands of businesses have been hit with phishing scams during tax season. Through these social engineering scams, hackers obtain employee Forms W-2 for filing fraudulent tax returns seeking...more
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021...more
1/28/2021
/ Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
ATDS ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
OCR ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
TCPA
The CCPA has reached the one-year mark. This is a good time for businesses to review the success of their compliance programs and recalibrate for the CCPA’s second year. Here are a few suggestions to kick off that review:...more
Record retention and records management policies are key elements for a company’s data protection program. Numerous recently enacted, or amended, data protection laws adopt data retention or storage limitation principles to...more
The California Privacy Rights Act of 2020 (CPRA) becomes operative on January 1, 2023. Among its numerous amendments and additions to the existing California Consumer Privacy Act (CCPA), the CPRA expands the definition of...more
Businesses are now prohibited from transferring employee personal data from the European Economic Area (EEA) to the U.S. under the EU-U.S. Privacy Shield program. The Court of Justice of the European Union (CJEU) declared the...more
7/28/2020
/ BCRs ,
Cloud Service Providers (CSPs) ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
Employee Privacy Rights ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
SCC ,
US-EU Safe Harbor Framework
The EU-U.S. Privacy Shield program is invalid, the Court of Justice of the European Union (CJEU) declared on July 16, 2020, in the matter of Data Protection Commissioner v. Facebook Ireland and Schrems (C-311/18) (Schrems...more