Author

Brian Hengesbaugh

Browsing

The Supreme Court of the United States has addressed a contentious split among federal circuit courts of appeals on the definition of “autodialer” under the Telephone Consumer Protection Act (TCPA) with a decision that should greatly reduce the amount of TCPA litigation in the US. The TCPA prohibits any person from placing phone calls (including text messages) to a wireless number using an “autodialer,” among other things, without the recipient’s prior express consent (or, for…

Partners Peter Chan and Valerie Mirko join Brian Hengesbaugh to discuss the SEC and cybersecurity, leveraging their own experiences with the agency to give an overview of the past, present and future. Listen to learn about: The evolution of the SEC’s focus on cybersecurity, particularly with regard to financial institutionsAn insider’s take on what may trigger SEC investigationWhat’s in store with the Biden administration and how companies should prepare https://open.spotify.com/episode/5Z4nHbjxtrntljyEBMRRqF?si=J3ucfdTRQF6lArxRf540FA Related Resources: SEC Announces 2021…

*Article originally posted on IAPP.org* We are all hopeful the U.S. government can reach an agreement with the European Commission and other EU authorities on a so-called “Privacy Shield 2.0” in the near term. Such an updated arrangement is essential to provide certainty to trans-Atlantic business and assure a high level of protection for personal data transfers. But what’s next? Over recent years, we have witnessed the Court of Justice of the European Union invalidate…

In the wake of “Schrems II,” the future of data transfers is on shaky ground. True, the Biden administration has demonstrated that it is taking trans-Atlantic data flows seriously after appointing Christopher Hoff, CIPP/E, CIPP/US, CIPM, in January, not long after Joe Biden was inaugurated. And though both the US Department of Commerce and European Commission are working together in earnest, short of changing its national security laws, what else can be done to prevent another…

The roller coaster of comprehensive state data privacy laws continues in earnest.  California has now double dipped: first with the California Consumer Privacy Act (CCPA) and second with the California Privacy Rights Act (CPRA).  With all eyes on New York, Washington State, and other potential early movers for more state legislation, Virginia has surprised the nation by coming out very quickly with its own version of comprehensive privacy law, which Governor Ralph Northam signed into…

Florida’s governor, Ron DeSantis, and the speaker of the state’s house of representatives, Chris Sprowls, each recently highlighted proposed new privacy legislation in Florida that resembles the California Consumer Privacy Act (CCPA). This has landscape-changing potential, as House Bill 969 is the first CCPA-like proposal endorsed by a Republican governor. The bill the governor and speaker lauded was filed on February 15th, and if passed would become effective on January 1, 2022. Application/Exceptions House Bill…

Bradford Newman joins Brian Hengesbaugh to cover the latest in the use of artificial intelligence in hiring and recruiting. Listen to hear: how the use of AI in hiring and recruiting can open companies up to new liabilitieswhat the December 8th letter to the EEOC on AI hiring tools reveals about potential scrutiny of these tools under the Biden administrationBrad’s suggestions for companies using or considering using AI-powered hiring tools https://open.spotify.com/episode/5Zf6CrTGQlNkbGqu8Ueqpo?si=umGbTj_2TeuQl705QJrsJg For more AI topics,…

The Empire State is making waves in the world of privacy with the introduction of its own version of the now infamous California Consumer Privacy Act (CCPA).  SB 567, which was introduced on January 6, 2021, is New York’s attempt to introduce new consumer rights with respect to personal information, as well as regulate the sale of consumer personal information to third parties.  Notably, the Bill also introduces a private right of action for consumers…

The European Data Protection Board (EDPB) recently published the draft Guidelines on Examples Regarding Data Breach Notification, a document that encompasses eighteen examples of data security incidents, on a spectrum of risk and necessary mitigating measures.  Each example concludes with recommended actions based on the identified risks, mainly: recording the incident in the organization’s internal register, notifying the organization’s supervisory authority, and notifying affected individuals.  The Guidelines are currently open for public consultation. The Guidelines…

Privacy professionals must answer mission-critical questions daily. Is it OK to share data with this strategic third party? Can we deploy this new marketing feature? Can we place this function in the cloud? Can we deploy this new monitoring tool into our workforce environment? Are we required to delete this data, and if so, what does this mean? Do we need to notify regulators and individuals of this event? Over the years, I’ve observed that…