Amy de La Lama, Author at Connect On Tech

In California Privacy Law

Revised CCPA Draft Implementing Regulations: What’s New for Businesses?

February 18, 2020 by Brian Hengesbaugh, Harry Valetk, Amy de La Lama, Michael Egan, Mike Stoker, Brandon Moseberry, Gary Hunt, Lothar Determann and Vincent Schroder 6 Mins Read

On February 7, 2020, the California Attorney General released its revised draft implementing regulations for the California Consumer Privacy Act. The revised regulations are not yet final. The California AG will accept written comments regarding the updated regulations until 5:00 pm (PST) on Tuesday, February 25, 2020. The following is a high-level overview of the key new requirements under the updated regulations that are important for businesses to consider in connection with their CCPA compliance…

In California Privacy Law

Data Breach Notification Developments in California, Illinois, Oregon and Texas

February 11, 2020 by Amy de La Lama and Sankalp Kandaswamy 5 Mins Read

Along with changes brought by the CCPA, companies should be aware of other important privacy developments that went into effect in early 2020. Notable changes to data breach notification laws in California, Illinois, Oregon, and Texas promise to have a significant impact on businesses experiencing security incidents and signal a movement towards stricter and more demanding requirements in this space. California Amends Definition of Personal Information for Breach Notification The definition of personal information…

In Data Privacy

Privacy is Coming: Preparing for the Storm of Privacy Bills Looming in 2020

February 10, 2020 by Amy de La Lama, Brian Hengesbaugh and Cristina Messerschmidt 5 Mins Read

With the world’s attention on the California Consumer Privacy Act (CCPA), it’s easy to overlook the privacy storm that is brewing throughout the rest of the country. As of February 10th, eleven other states (in addition to California and Nevada) have either released new or revived old data privacy and protection bills that did not pass during last year’s legislative sessions. Although the status of the majority of these bills is uncertain – as many…

In Data Privacy

Data Protection Commissioner v Facebook Ireland (Schrems II): Advocate general’s opinion signals legal changes to standard contractual clauses

December 19, 2019 by Brian Hengesbaugh, Wouter Seinen, Francesca Gaudino, Harry Small, Elisabeth Dehareng, Andre Walter, Michael Egan, Amy de La Lama and Lothar Determann 4 Mins Read

The European Union’s highest court, the Court of Justice of the European Union (CJEU), is evaluating the legitimacy of the EU standard contractual clauses (SCC). SCCs have been the bedrock of cross-border personal data transfers outside the EU for many years. Today, the advocate general (a.g.) has rendered an opinion on the Schrems II case. By way of brief background, Schrems II is a case before the Court of Justice of the European Union (CJEU)…

In Data Privacy

Navigating Disclosures and Sales of Personal Information under the CCPA

September 3, 2019 by Amy de La Lama and Brian Hengesbaugh 7 Mins Read

The requirements of the California Consumer Privacy Act enter into force 1 January 2020, and impose an array of requirements on companies that are subject to the law. Among them are obligations related to the sharing of “personal information” [Section 1798.140(o)] that obligate businesses to push down contractual limitations on service providers and other recipients of personal information and to offer California “consumers” [Section 1798.140(g)] the right to opt out of disclosures that qualify as…

In California Privacy Law

US State Omnibus Privacy Laws – a primer

July 5, 2019 by Amy de La Lama and Brian Hengesbaugh 2 Mins Read

In 2018, California enacted the California Consumer Privacy Act (“CCPA”), the first state-level “omnibus” privacy law, which imposes broad obligations on businesses to provide state residents with transparency and control of their personal data. This year, Maine and Nevada have followed suit and passed legislation focused on consumer privacy, and Pennsylvania has a consumer privacy bill currently under legislative review. Other states in which US companies do business saw similar legislation, such as Hawaii, Illinois,…

In California Privacy Law

CCPA – It’s Time to Get Started

June 26, 2019 by Amy de La Lama, Michael Egan and Brian Hengesbaugh 5 Mins Read

The best time to plant a tree was 20 years ago. The second best time is now. – Chinese ProverbIn fewer than 6 months, the requirements of the California Consumer Privacy Act (“CCPA”) come into operation. With no sign that CCPA’s obligations will be materially watered down or preempted by federal legislation, companies that have not started preparing for CCPA need to do so as quickly as possible in order to meet the January 1,…

In Privacy Shield

Portuguese DPA Statement On Transatlantic Data Transfers

November 14, 2015 by Amy de La Lama 3 Mins Read

On 23 October 2015, the Portuguese Data Protection Authority (the “CNPD”) issued a statement (available in Portuguese only) outlining its position on transfers of personal data to the U.S. following the Schrems judgement. Businesses that are subject to Portuguese data protection law and engage in transatlantic data transfers would be prudent to assess and adapt those data transfers in light of the statement.What Does The CNPD Say?The CNPD makes the following key statements:Data flows under…