Author

Harry Valetk

Browsing

While director and officer liability (D&O) claims arising out of cybersecurity events are not new, COVID-19 has increased those risks and created fertile ground for litigation and personal liability. Executive oversight of cybersecurity protocols and practices will no doubt be tested by the myriad of new challenges related to post-COVID exit strategies, including heightened monitoring of individuals, and disclosure requirements in the context of contact tracing. These challenges are more pronounced following the directive…

COVID-19 will end, that much we know. But when will it end, and what lasting effects will it have on our society remain the pressing questions for all of us. While many questions persist, it is certain that we have yet to see the full effects this global crisis will have on the economy. Many businesses, and perhaps entire industries, will not survive this prolonged shutdown or the changes in consumer behaviors following the exit…

The European Commission has published a Recommendation for use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning mobile apps and use of anonymised mobility data. What does the Recommendation cover? The Recommendation establishes a process for developing a common approach (Toolbox) to use digital measures to address the COVID-19 crisis.  The Toolbox will include practical measures for making effective use of technology and data, focusing on a: Pan-European…

On March 11, 2020, the California Attorney General released another set of revisions to the California Consumer Privacy Act (CCPA) draft implementing regulations. The regulations are not yet finalized (a public comment period for this most recent version is open until March 27, 2020), but below we highlight key changes and takeaways for businesses under the latest version of the regulations. Note that this round of revisions to the regulations largely consist of updates to…

With the advent of the novel coronavirus COVID-19, many organizations around the world are undergoing a seismic shift on an accelerated timeline towards telework or remote working for some or all employees. In addition to ensuring that the networks, VPNs, and other IT resources are capable of supporting such a shift, organizations that have not built such teleworking into their disaster preparedness plans should be aware of, and take steps to mitigate, the cybersecurity and…

Many employers in the US are grappling with appropriate efforts to contain and protect the workforce against COVID-19. Those efforts include employee and visitor screening activities that range from requiring all personnel to provide an affirmation upon admission to a worksite to taking vital signs or other hands-on screenings. But are those screening activities lawful under applicable privacy and confidentiality laws in the US? And what should employers do when they have reason to suspect…

On February 25, 2020, the Federal Trade Commission released its 2019 Privacy and Security Update summarizing the year’s privacy and data security enforcement actions. And, by all accounts, it was a busy year for the privacy enforcement community. Privacy Enforcement Actions The most significant FTC enforcement action in 2019 – in fact, the largest consumer privacy fine ever imposed on any company in the world – was the Commission’s $5 billion penalty against a social…

In the United States, a significant legislative trend is on the horizon for insurers in 2020: a new breed of state privacy and cybersecurity laws. In the absence of federal intervention, a growing number of state legislatures are enacting laws and regulations modeling California’s Consumer Privacy Act for all businesses, and, in parallel, prescribing privacy and cybersecurity requirements directed at insurers. To help insurers stay ahead of the curve, we summarize below several cybersecurity measures…

On February 7, 2020, the California Attorney General released its revised draft implementing regulations for the California Consumer Privacy Act. The revised regulations are not yet final. The California AG will accept written comments regarding the updated regulations until 5:00 pm (PST) on Tuesday, February 25, 2020. The following is a high-level overview of the key new requirements under the updated regulations that are important for businesses to consider in connection with their CCPA compliance…

On midnight January 31, 2020, the United Kingdom’s law formally governing its exit from the European Union went into effect.  From a data protection perspective, however, Brexit has not resulted in any changes in law.  In fact, The EU Withdrawal Agreement implements a transition period to resolve post Brexit concerns and other formalities through December 31, 2020.  During that time period, most EU law (including GDPR) will continue to apply, and, presumably, the UK will…