Author

Cristina Messerschmidt

Browsing

On 16 July 2020, the European Court of Justice (“ECJ”) ruled that the EU Commission’s 2016 decision regarding the adequacy of data protection in the United States and the EU-US Privacy Shield (“Privacy Shield”)* are invalid. As a result, companies in the EU and United States relying on the Privacy Shield program are scrambling to determine the impact on their operations.  Many US companies grant share-based awards to employees of their subsidiaries in the EU…

For those privacy buffs following the status of the California Privacy Rights Act ballot initiative (CPRA), today is the much-anticipated deadline to officially decide whether the CPRA will qualify for the Fall 2020 ballot in November. The final answer? Yes, it will. Background CPRA (which was introduced by the Californians for Consumer Privacy in January 2020) is a ballot initiative that would both expand the scope of the existing California Consumer Privacy Act (CCPA) and…

On June 1, 2020, in a surprise, last-minute filing, the office of the California Attorney General submitted the final CCPA final California Consumer Privacy Act (CCPA) proposed regulations to the California Office of Administrative Law (OAL). What does this mean for businesses subject to the CCPA? Under normal circumstances, the OAL would have 30 days to review the proposed regulations for procedural compliance with California’s Administrative Procedure Act; however due to the COVID-19 pandemic, this timeframe…

Further to our March 25th update and the guidance issued by the Office of Civil Rights (OCR) in late March, OCR has issued an additional Notification of Enforcement Discretion, allowing for enforcement discretion regarding additional uses and disclosures of protected health information (PHI) for public health and health oversight activities during the COVID-19 pandemic. Under the Health Insurance Portability and Accountability Act (HIPAA)’s Privacy Rule, business associates are generally only permitted to use and disclose…

In response to the COVID-19 global pandemic, on March 17, 2020, the Office of Civil Rights (OCR) at the US Department of Health and Human Services (HHS), the agency charged with enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), issued the Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (“Guidance”). On March 20, OCR issued supplemental guidance on provision of telehealth services in the form…

With the world’s attention on the California Consumer Privacy Act (CCPA), it’s easy to overlook the privacy storm that is brewing throughout the rest of the country. As of February 10th, eleven other states (in addition to California and Nevada) have either released new or revived old data privacy and protection bills that did not pass during last year’s legislative sessions. Although the status of the majority of these bills is uncertain – as many…

In recent years, South Korea has become synonymous with some of the strictest data protection laws and regulatory requirements in the region. The laws are regulated by the Korea Communications Commission (KCC), the Ministry of the Interior and Safety (MOIS), and other sector-specific supervisory authorities. Recent amendments to these three laws have resulted in stricter penalties, as well as criminal prosecution for data security breaches. Privacy Officer found guilty of criminal negligence for failing to…

For many companies, January 1, 2020 became synonymous with the operative date of the California Consumer Privacy Act. However, manufacturers of Internet-connected devices must also keep in mind legislation that was signed into law on September 28, 2018 and became operative on January 1, 2020. This new law (2018 Cal. Legis. Serv. Ch. 886 (S.B. 327) (to be codified at Cal. Civ. Code § 1798.91.04(a)) (“IoT Law”) makes California the first state to specifically regulate…

The California legislative session ended with a bang on September 13, when legislators passed several noteworthy amendments to the California Consumer Privacy Act (CCPA). The California governor has until October 13 to act on these amendments. We have outlined below the amendments that materially alter the original scope or requirements of the CCPA and that will impact CCPA compliance activities for many organizations. Limited Personnel ExemptionAssembly Bill 25, the amendment exempting personal information collected from…