As drafted the new measures specify security assessment and contract requirements but leave ample room for Chinese authorities to heavily restrict cross-border data transfers.
At the end of October, China’s top privacy...more
The updated rule also includes new exemptions, expands the definition of “financial institution,” and creates new accountability requirements.
On October 27th the Federal Trade Commission (“FTC”) adopted and published...more
11/11/2021
/ Customer Information ,
Cybersecurity ,
Data Security ,
Equifax ,
Exemptions ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Regulatory Requirements ,
Safeguards Rule
Contracts entered into prior to Sept. 27 will need to be amended to adopt the new standard contractual clauses by Dec. 27, 2022.
As of Sept. 27, entities entering new contracts that are subject to the General Data...more
Interested parties have until November 8 to submit comments on proposed topics of CPRA rulemaking including new automated decisionmaking, risk assessments, new consumer rights, and sensitive personal information.
On...more
10/13/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Comment Period ,
Corporate Counsel ,
Opt-Outs ,
Personal Information ,
Right to Delete ,
Right-To-Access ,
Rulemaking Process ,
Sensitive Personal Information ,
State Privacy Laws
Bill 64 largely tracks with already existing privacy regulations in other jurisdictions and will take effect over the course of the next three years, with some provisions taking effect in September 2022.
On September 21...more
10/1/2021
/ Canada ,
Consent ,
Data Privacy ,
Data Protection ,
Data Protection Officers (DPOs) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Personal Information ,
PIPEDA ,
Policies and Procedures ,
Privacy Laws ,
Private Right of Action
As the collection and use of health data drastically expands, the agency issued a recent guidance to officially put health apps and connected medical devices “on notice.”
On September 15, the Federal Trade Commission...more
9/30/2021
/ App Developers ,
Breach Notification Rule ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Devices ,
Mobile Health Apps ,
PHI ,
Policy Statement ,
Risk Assessment
The law will take effect on November 1, 2021 giving companies under two months to ensure their privacy policies and systems comply.
On August 20, the Standing Committee of the 13th National People’s Congress of China...more
Legislation was introduced this week that, if passed, would create the Ohio Personal Privacy Act.
HB 376, initiated by Lt. Governor Jon Husted, was introduced this week by Representative Rick Carfagna (R- Westerville) and...more
The European Commission’s long-awaited updates to the Standard Contractual Clauses (“SCCs”) have arrived. Data protection lawyers globally have eagerly anticipated these changes, which are necessary to address a legal...more
6/15/2021
/ Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK