Author

Cristina Messerschmidt


Florida’s governor, Ron DeSantis, and the speaker of the state’s house of representatives, Chris Sprowls, each recently highlighted proposed new privacy legislation in Florida that resembles the California Consumer Privacy Act (CCPA). This has landscape-changing potential, as House Bill 969 is the first CCPA-like proposal endorsed by a Republican governor. The bill the governor and speaker lauded was filed on February 15th, and if passed would become effective on January 1, 2022. Application/Exceptions House Bill…

The Empire State is making waves in the world of privacy with the introduction of its own version of the now infamous California Consumer Privacy Act (CCPA).  SB 567, which was introduced on January 6, 2021, is New York’s attempt to introduce new consumer rights with respect to personal information, as well as regulate the sale of consumer personal information to third parties.  Notably, the Bill also introduces a private right of action for consumers…

The European Data Protection Board (EDPB) recently published the draft Guidelines on Examples Regarding Data Breach Notification, a document that encompasses eighteen examples of data security incidents, on a spectrum of risk and necessary mitigating measures.  Each example concludes with recommended actions based on the identified risks, mainly: recording the incident in the organization’s internal register, notifying the organization’s supervisory authority, and notifying affected individuals.  The Guidelines are currently open for public consultation. The Guidelines…

Adding to an emerging trend of federal cases addressing privilege in the context of forensic reports, the DC District Court ruled last month that forensic reports created in response to a cybersecurity incident were subject to neither attorney-client privilege nor attorney work product protection because the reports were created in the ordinary course of business. This decision has significant implications for organizations preparing to respond to cybersecurity incidents and continues a pattern of increased scrutiny…

In the privacy world, there is no rest for the weary. In California, while most companies were just getting their programs running to address the California Consumer Privacy Act (“CCPA”), including some last minute changes to address the final version of the regulations issued in late fall 2020, the California Privacy Rights Act (“CPRA”) was officially certified on December 16, 2020 following voter approval in another privacy referendum in the November 2020 elections. CPRA sharpens…

On 16 July 2020, the European Court of Justice (“ECJ”) ruled that the EU Commission’s 2016 decision regarding the adequacy of data protection in the United States and the EU-US Privacy Shield (“Privacy Shield”)* are invalid. As a result, companies in the EU and United States relying on the Privacy Shield program are scrambling to determine the impact on their operations.  Many US companies grant share-based awards to employees of their subsidiaries in the EU…

For those privacy buffs following the status of the California Privacy Rights Act ballot initiative (CPRA), today is the much-anticipated deadline to officially decide whether the CPRA will qualify for the Fall 2020 ballot in November. The final answer? Yes, it will. Background CPRA (which was introduced by the Californians for Consumer Privacy in January 2020) is a ballot initiative that would both expand the scope of the existing California Consumer Privacy Act (CCPA) and…

On June 1, 2020, in a surprise, last-minute filing, the office of the California Attorney General submitted the final California Consumer Privacy Act (CCPA) proposed regulations to the California Office of Administrative Law (OAL). What does this mean for businesses subject to the CCPA? Under normal circumstances, the OAL would have 30 days to review the proposed regulations for procedural compliance with California’s Administrative Procedure Act; however, due to the COVID-19 pandemic, this timeframe…

Further to our March 25th update and the guidance issued by the Office of Civil Rights (OCR) in late March, OCR has issued an additional Notification of Enforcement Discretion, allowing for enforcement discretion regarding additional uses and disclosures of protected health information (PHI) for public health and health oversight activities during the COVID-19 pandemic. Under the Health Insurance Portability and Accountability Act (HIPAA)’s Privacy Rule, business associates are generally only permitted to use and disclose…

In response to the COVID-19 global pandemic, on March 17, 2020, the Office of Civil Rights (OCR) at the US Department of Health and Human Services (HHS), the agency charged with enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), issued the Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (“Guidance”). On March 20, OCR issued supplemental guidance on provision of telehealth services in the form…