Author

Harry Valetk

Browsing

On Wednesday, October 6, 2021, Baker McKenzie partners Harry Valetk and Brian Hengesbaugh, Global Chair of the Firm’s Data Privacy & Security Business Unit, presented at the Global Data Protection Boot Camp 2021 hosted by the Practising Law Institute. The boot camp boasted an impressive line-up of data privacy experts from both government and industry to share practical insights. The half-day program was comprised of the following four segments: Introduction and Legislative Developments in Data Protection LawsNuts and Bolts…

In this episode of TMT Talk, Harry Valetk, is joined by Tiago Zapater, a litigation partner at Trench Rossi Watanabe in Brazil, to discuss the monetization challenges in video games. Listen in to learn how video games sell and make money, loot boxes and their significance in the region, recent decisions and class actions in Brazil and much more. https://open.spotify.com/episode/1gQHSoWdjUlwNrvYgpXbCt

As predicted in our Connect on Tech discussion in March, the U.S. Securities and Exchange Commission (“SEC”) is ramping up its examination and enforcement focus on cybersecurity at financial institutions, including scrutiny on actual implementation and deployment of published procedures in response to discovery of cyber breach incidents. Furthermore, the SEC appears to signal its expectation that multi-factor authentication (“MFA”) for email accounts containing sensitive client and customer information should be in place. Email Account…

Colorado has joined the growing list of US states passing new comprehensive privacy laws by enacting the Colorado Privacy Act (the “CPA”). Governor Jared Polis signed the CPA into law on July 7, 2021, making it the third comprehensive state privacy law enacted in the US. With other states also considering proposals on comprehensive privacy legislation, CPA is another signal that companies must be prepared for more (not less) privacy regulatory risks. Like the California…

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…

The European Commission (“EC”) recently issued a set of standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). The Intra-EU SCCs accompany a wider set of clauses issued for extra-EU/EEA personal data transfers (“Extra-EU SCCs”), covering transfers between different types of data processing actors (processors, controllers, sub-processors etc.). Both of them were published in the Official Journal of the European Union on June 7, 2021. The clauses for intra-EU data processing arrangements…

The Securities and Exchange Commission fined a real estate services company for inadequate disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed hundreds of thousands of sensitive customer records. Background In 2019, a cybersecurity journalist discovered and notified the real estate services company about a vulnerability with its document and images sharing app that exposed over 800 million images dating back to 2003, including documents that contained sensitive personal information such as…

The European Commission (“EC”) recently issued its revised standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and a companion set of standard clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). Both are now published in the Official Journal. The following is an introduction to the core elements of the Ex-EU SCCs and a brief overview of the Intra-EU SCCs. Legal Context The Ex-EU SCCs are a mechanism that companies can…

The Supreme Court of the United States has addressed a contentious split among federal circuit courts of appeals on the definition of “autodialer” under the Telephone Consumer Protection Act (TCPA) with a decision that should greatly reduce the amount of TCPA litigation in the US. The TCPA prohibits any person from placing phone calls (including text messages) to a wireless number using an “autodialer,” among other things, without the recipient’s prior express consent (or, for…

Our Labor and Employment, Global Immigration and Mobility, and Data Privacy lawyers discuss vaccine passports — what they are, how countries are already using them domestically and for international travelers, data privacy concerns related to the use of digital health documentation, and what employers should keep top-of-mind as vaccine passports become more common. Click here to watch Our Labor and Employment blog, The Employer Report, complements our video series, providing written legal updates on reopening and other hot topics.…