Author

Brian Hengesbaugh

Browsing

Harry Valetk, a partner in our New York office, joins Brian Hengesbaugh to discuss the global privacy issues surrounding COVID-19 vaccinations. Tune in to hear: the immediate privacy issues to consider in regards to the vaccinewhether a privacy impact assessment is warrantedthe privacy perspective on employers mandating vaccination. https://open.spotify.com/episode/3WevOBKvsQ8pIb9aZMz0F2?si=nyOjalKeS7qLmn0MWdg3Aw

In the privacy world, there is no rest for the weary. In California, while most companies were just getting their programs running to address the California Consumer Privacy Act (“CCPA”), including some last minute changes to address the final version of the regulations issued in late fall 2020, the California Privacy Rights Act (“CPRA”) was officially certified on December 16, 2020 following voter approval in another privacy referendum in the November 2020 elections. CPRA sharpens…

Disruptive cyber-attacks aimed at supply chains are on the rise, as the recent SolarWinds security breach has so prominently brought to light. While your immediate IT infrastructure may not have been directly impacted by that breach, now may be a good time to check-in with you key service providers. If they host or in any way process digital assets on your behalf, there is reason for concern in light of the devastating SolarWinds security breach.…

Brian Hengesbaugh is joined by Jessica Nall, partner in Baker McKenzie’s San Francisco/Palo Alto office. Jessica and Brian discuss the series of cybersecurity incidents former giant Yahoo experienced in 2013 and 2014, and Jessica’s lessons learned as a lead attorney representing individuals in those cases in the following government investigations in 2016. Listen in to hear: What went wrong in the case, and why those failures remain relevant todayHow companies can avoid becoming a target…

Based on preliminary election results, Californians voted to enact the California Privacy Rights Act (“CPRA”), expanding and revising the California Consumer Privacy Act of 2018 (“CCPA”) effective January 1, 2023 with a one-year look-back to January 1, 2022 for some provisions. Companies around the world with business ties to California should start updating vendor contracts and prepare for new requirements under the statute and revised regulations to be issued by a new California Privacy Protection…

Partners Brian Hengesbaugh and Harry Valetk hosted Practising Law Institute’s Global Data Protection Boot Camp 2020. The program – now in its fifth year – brings together individuals charged with formulating their organization’s global privacy compliance strategy. Harry Valetk chaired the 4-hour* program, which has been designed to help privacy practitioners within every organization – legal, compliance, IT security, and audit –obtain practical information and gain insights into key substantive and procedural compliance recommendations in relation…

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory to alert companies about potential sanctions risks when making payments in response to ransomware attacks. The advisory is in response to the demand for ransomware payments during the COVID-19 pandemic as cyber criminals have severely debilitated systems that merchants rely on to continue to conduct business. A Threat to National Security Ransomware is a form of malicious software designed…

In response to the July 16, 2020 Schrems II ruling from the European Court of Justice, the US Department of Commerce has issued a formal “Standard Contractual Clauses” White Paper to help organizations assess whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling outlining the robust limits and safeguards in the United States for government access to data. Government data access safeguards post-Schrems II Following the Schrems II ruling, organizations that…

The Court of Justice of the EU issued its judgment in Data Protection Commissioner v Facebook Ireland Limited, Maximilian Schrems on 16 July 2020. This decision has implications on the wider issue of regulation of international data transfers and, by extension, the tech industry. Our panel of experts, consisting of Lothar Determann, Elisabeth Dehareng and Brian Hengesbaugh, examines the intricacies of the ruling and what it means for the TMT sector. https://open.spotify.com/episode/79SqOrfWy9fICVqHE7myVx

It’s difficult to believe that it has only been a short time since the Court of Justice of the European Union invalidated the European Commission adequacy finding for the EU-U.S. Privacy Shield on July 16, 2020. So much has changed. In this final note in the series, we provide seven predictions for the road ahead with “Schrems II” and global data transfers. Some of these may be more controversial than others, but here goes: 1.…