On November 22, 2024, the California Privacy Protection Agency (CPPA) formally proposed new regulations implementing the California Consumer Privacy Act (CCPA). Although the CCPA itself and previous CCPA regulations largely...more
In its most recent step to combat cybersecurity risks to employee benefit plans, the U.S. Department of Labor (DOL) clarified on September 6, 2024, that its guidance on cybersecurity applies to health and welfare plans as...more
11/13/2024
/ Benefit Plan Sponsors ,
Compensation & Benefits ,
Cybersecurity ,
Data Protection ,
Department of Labor (DOL) ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Fiduciary Duty ,
Personal Data ,
Retirement Plan Providers ,
Risk Management
Employers had a big win in late June 2023 when a trial court in Sacramento enjoined until March 29, 2024, enforcement of the final regulations under the California Privacy Rights Act (CPRA), the only one of 14 recently...more
2/21/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cooperative Compliance Regime ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Employer Liability Issues ,
Information Governance ,
Personal Data ,
Popular ,
Regulatory Requirements
With the governor’s signing of New Jersey’s privacy law on January 16, 2024, New Jersey became the 14th U.S. state to pass a comprehensive data protection law. This accelerating legislative trend may have employment counsel...more
Multinationals with employees in the People’s Republic of China (PRC) continue to confront a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
U.S.-based multinationals with employees in the People’s Republic of China (PRC) are confronting a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
9/25/2023
/ China ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employer Liability Issues ,
International Data Transfers ,
Multinationals ,
Personal Information Protection Law (PIPL) ,
Personally Identifiable Information ,
Popular
This is the second in a series of articles about the implications of the California Privacy Rights Act for employers. -
The California Privacy Rights Act (“CPRA”), which goes into effect on January 1, 2023, grants six new...more
9/7/2021
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Selling ,
Data-Sharing ,
Human Resources Professionals ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Regulatory Standards
At long last, the European Commission, on June 4, 2021, adopted new Standard Contractual Clauses (“new SCCs”) to permit lawful transfers of personal data from the European Union (EU) to third countries such as the United...more
Less than a year after the California Consumer Privacy Act (CCPA) went into effect, California’s electorate approved a ballot measure that will substantially expand the privacy obligations the CCPA imposes on employers. On...more
11/6/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
California’s governor may soon sign into law a one-year delay of the California Consumer Privacy Act’s (CCPA) full application to human resources data. On August 28, 2020, California’s legislature passed A.B. 1281, which...more
9/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
CPREA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Exemptions ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
The Court of Justice of the European Union (“CJEU”), on July 16, 2020, invalidated the European Union-U.S. Privacy Shield Framework (“Privacy Shield”), which more than 5,300 U.S. organizations had relied on to lawfully...more
7/21/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses