A Less is More Strategy for Data Risk Mitigation
Data Retention and Document Holds
Healthcare Document Retention
The NYDFS Updates Its Stringent Cybersecurity Regulations. Is This a Bellwether of Coming Industry Change? - The Consumer Finance Podcast
Spring Cleaning for Legal Teams: The Cloud and Defensible Deletion of Data
M365 in 5 – Part 7: Teams Audio/Video (A/V) Conferencing
M365 in 5 – Part 6: Teams Channels – The virtual collaboration workspace
M365 in 5 – Part 5: Teams Chats – Modern communications
M365 in 5 – Part 4: Teams – An introduction to collaboration
M365 in 5 – Part 3: OneDrive for Business – Protected personal collaboration
M365 in 5 – Part 2: SharePoint Online – The new file-share environment
M365 in 5 – Part 1: Exchange Online – Not just a mailbox
Sitting with the C-Suite: Information Governance and eDiscovery - Key Compliance Issues for In-House Counsel
Sitting with the C-Suite: Trial Teams – Narrowing Data through Centric Search
Sitting with the C-Suite: Normalizing Business Practices through Litigation Data
Compliance Perspectives: Regulatory Conflicts in Data Privacy Laws
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
[WEBINAR] Public Records Act - Taming the Email Tiger
E14: The Three Pillars of GDPR
Three Key Data Retention Questions
As of January 1, 2025, the Israeli Privacy Protection Regulations (Instructions for data being transferred to Israel from the European Economic Area) will also apply to data being stored or processed in Israel or in other...more
The Federal Trade Commission (FTC) announced two significant enforcement actions last week – one against data broker Mobilewalla, Inc. and the other against data analytics provider Gravy Analytics, Inc. (and its subsidiary...more
Introduction - As a federal state with law-making powers shared between federal and provincial/territorial governments, Canada has both federal and provincial/territorial privacy laws that govern the private and public...more
In Argentina, data protection is governed by comprehensive legislation aimed at safeguarding individuals' personal data. Below you will find an outline of the key aspects including governing legislation, exploring their scope...more
On December 20, 2023, the Federal Trade Commission (FTC) published its Notice of Proposed Rulemaking to update the Children's Online Privacy Protection Act (COPPA), the latest step in a process that started in 2019 with an...more
In joined Cases C‑26/22 and C‑64/22, related to the German Credit Reference Agency Schufa (see A&O blog on the automated decision making case), the CJEU considered the retention of personal data regarding individuals who had...more
On September 12, 2023, Delaware became the 13th state to adopt a consumer data privacy act, joining Florida, another state to recently adopt consumer privacy laws, and others in providing resident consumers with rights...more
On 4 May 2023, the European Court of Justice (CJEU) delivered its highly anticipated judgement in Österreichische Post (Case C-300/21) on a crucial issue: the extent to which data subjects affected by a breach of the GDPR...more
...Just when we were getting used to the idea of the California Consumer Privacy Act (CCPA), a new law was passed in November 2020, which will supercede it. Fortunately, there is time to prepare since the California Privacy...more
A majority of California voters approved the California Privacy Rights Act of 2020 (CPRA) on November 3. The CPRA expands provisions of the California Consumer Privacy Act (CCPA), creates new consumer privacy rights,...more
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
What Happened? On October 1, 2020, the Hamburg Data Protection Commissioner (“Hamburg DPA”) fined clothing retailer H&M 37.8 million dollars (EURO 35.2 million) for several violations of the GDPR....more
Every organization needs to develop an effective data retention policy to gain visibility and control over its information. But given the increasing complexity of today’s data systems and the constantly evolving regulatory...more
Everyone has been talking about the California Consumer Privacy Act (CCPA) lately, namely because the 2018 law became enforceable as of July 1, 2020. This law provides California consumers with a number of privacy-related...more
BIPA (Biometric Information Privacy Act) was first introduced by Illinois in 2008 and requires informed consent of the collection of biometric data prior to collection, prohibits companies from profiting from biometric data,...more
As businesses have scrambled to obtain compliance with the California Consumer Privacy Act (CCPA) in recent months, questions surrounding its constitutionality have arisen. As a broad, sometimes unclear state law that imposes...more
The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR....more
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
This article is Part 4 of our series on the GDPR for U.S.-based companies. Part 1 assisted U.S.-based companies in determining whether the GDPR applies to them; Part 2 provided an overview of the GDPR’s key concepts and...more
This issue of Privacy Matters examines the flow of personal data. Creating a data map is a quick way to identify, understand and record what happens to any personal data you have. Data maps should be kept on file and should...more
Today, the Spanish data protection agency (AEPD) fined Facebook 1.2 million euros ($1.4 million USD) in connection with how the company collects personal data for advertising purposes. The AEPD said Facebook did not get...more
We’ve written extensively about the numerous lawsuits, dismissals and settlements surrounding the Illinois Biometric Information Privacy Act (BIPA). The statute, generally speaking, prohibits an entity from collecting,...more
Data minimization can be a powerful – and seemingly simple – data security measure. The term refers to retaining the least amount of personal information necessary in order for an organization to function. Less information...more