Cristina Messerschmidt, Author at Connect On Tech

In California Privacy Law

United States: How to comply with CCPA while the new Agency revises Regulations

August 16, 2022 by Loic Coutelier, Lothar Determann, Helena Engfeldt, Elizabeth Gladstone, Jonathan Tam, Andrea Tovar, Vivian Tse, Tom Tysowsky, Brian Hengesbaugh, Cristina Messerschmidt, Harry Valetk, Nick Merker and Stephen Reynolds 7 Mins Read

In brief The California Privacy Rights Act of 2020 (CPRA) amended the California Consumer Privacy Act of 2018 (CCPA) with most changes taking effect on 1 January 2023 with a twelve-month look-back. Limited exceptions concerning the personal data of employees and business contacts will expire. The new California Privacy Protection Agency (CPPA) has published draft regulations that will, once finalized, expand on the rules in the statute and existing regulations from the California Attorney General. The CPPA is…

In Data Privacy

First Look: California Privacy Protection Agency Publishes Draft Regulations

June 3, 2022 by Brian Hengesbaugh, Gary Hunt, Cristina Messerschmidt and Harry Valetk 4 Mins Read

In advance of its June 8 public board meeting, the California Privacy Protection Agency (“CPPA”) has released draft regulations intended to implement and interpret new requirements under the California Privacy Rights Act (“CPRA”). In addition to codifying the new obligations under the CPRA (e.g., the right to correct, right to opt out of “sharing”), the Draft Regs include helpful illustrative examples and also provide details regarding certain new obligations, which we’ve summarized below. Key Takeaways…

In Cybersecurity

Congress Publishes “Game-Changer” Breach Reporting Law, Compliance Requirements Unclear

March 18, 2022 by Cyrus R. Vance Jr., Brian Hengesbaugh, Nick Merker, Teresa Michaud, Jessica Nall, Stephen Reynolds, Jerome Tomas, Harry Valetk, Cristina Messerschmidt and Mason Clark 6 Mins Read

After years of legislative debate, Congress passed a new law requiring key businesses to report certain data breaches—or “covered incidents”—to the government. Signed by President Biden on March 15, 2022, the law, part of the Strengthening American Cybersecurity Act, requires companies that operate critical infrastructure—financial institutions, utilities, and other organizations—to share information with the Cybersecurity and Infrastructure Security Agency (CISA) about certain cybersecurity incidents within 72 hours and ransomware payments to cyber criminals within 24…

In Data Privacy

Data Protection Day – Key developments and looking ahead to 2022

January 27, 2022 by Benjamin Slinn, Dr Michaela Nebel, Florian Tannen, Prof. Dr. Michael Schmidl, Magalie Dansac Le Clerc, Hugo Roy, Dr Lukas Feiler, Beat Koenig, Elisabeth Dehareng, Francesca Gaudino, Radoslaw Nozykowski, Nathalja Doing, Dr. Csaba Vári, Ilay Yilmaz, Can Sozer, Yigit Acar, Anne-Marie Allgrove, Liz Grimwood-Taylor, Dhiraphol Suwanprateep, Manh Hung Tran, Ken Chia, Alex Toh, Jacqueline Wong, Paolo Sbuttoni, Zhenyu Ruan, Kensaku Takase, Daisuke Tatsuno, Kellie Blyth, Arjun Patel, Theo Ling, Conrad Flaczyk, Nadia Rauf, Cristina Messerschmidt, Brian Hengesbaugh, Stephen Reynolds, Nick Merker, Harry Valetk, Michael Egan, Gary Hunt, Dominic Panakal, Alex Crowley, Justin Burgess, Daniel Villanueva-Plasencia, Carlos Vela-Trevino, Flavia Rebello, Suha Alwan and Nadine Bosshard 66 Mins Read

Friday 28 January 2022 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2022, our Global Data Privacy and Security Team have provided a roundup of key trends and developments across the globe from a data protection perspective as well as looking ahead to what to expect in 2022. There are new laws and developments to keep…

In Cybersecurity

Apache Log4j Vulnerability

December 22, 2021 by Brian Hengesbaugh, Stephen Reynolds, Dominic Panakal and Cristina Messerschmidt 4 Mins Read

A flaw in a widely used software threatens system security and makes companies vulnerable to cyber threats. The Apache Software Foundation released an advisory that Apache Log4j versions up to and including 2.14.1 has a defect that may allow threat actors to execute arbitrary code and deploy viruses including ransomware on that IT infrastructure. Entities that directly or indirectly leverage this software should act with haste to mitigate the risk of a data incident. These…

In Data Privacy

Consideration for EU Service Providers Supporting EU and Non-EU Customers

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…

In EU GDPR

Intra-EU/EEA Standard Contractual Clauses: What you need to know

The European Commission (“EC”) recently issued a set of standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). The Intra-EU SCCs accompany a wider set of clauses issued for extra-EU/EEA personal data transfers (“Extra-EU SCCs”), covering transfers between different types of data processing actors (processors, controllers, sub-processors etc.). Both of them were published in the Official Journal of the European Union on June 7, 2021. The clauses for intra-EU data processing arrangements…

In Data Privacy

The New European Commission Standard Contractual Clauses: What you need to know

The European Commission (“EC”) recently issued its revised standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and a companion set of standard clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). Both are now published in the Official Journal. The following is an introduction to the core elements of the Ex-EU SCCs and a brief overview of the Intra-EU SCCs. Legal Context The Ex-EU SCCs are a mechanism that companies can…

In Data Privacy

Virginia Signs Privacy Bill Into Law

March 4, 2021 by Brian Hengesbaugh, Adam Aft, Michael Egan, Cristina Messerschmidt, Gary Hunt, Dominic Panakal, Harry Valetk and Lothar Determann 4 Mins Read

The roller coaster of comprehensive state data privacy laws continues in earnest. California has now double dipped: first with the California Consumer Privacy Act (CCPA) and second with the California Privacy Rights Act (CPRA). With all eyes on New York, Washington State, and other potential early movers for more state legislation, Virginia has surprised the nation by coming out very quickly with its own version of comprehensive privacy law, which Governor Ralph Northam signed into…

In Data Privacy

Data Privacy at the Airport: Is it Possible to Protect Sensitive Data?

March 3, 2021 by Cristina Messerschmidt 1 Min Read

In this Mobility Minute, immigration attorney Matthew Gorman and data privacy attorney Cristina Messerschmidt team up to examine the issue of data privacy, or lack thereof, at US ports of entry, including international airports. We will review a recent court decision that appears to further minimize protections for travelers entering the United States, as well as consider what can be done to protect sensitive data, if anything, and how a potential COVID vaccination chip and…