Author

Harry Valetk

Browsing

Harry Valetk, a partner in our New York office, joins Brian Hengesbaugh to discuss the global privacy issues surrounding COVID-19 vaccinations. Tune in to hear: the immediate privacy issues to consider in regards to the vaccinewhether a privacy impact assessment is warrantedthe privacy perspective on employers mandating vaccination. https://open.spotify.com/episode/3WevOBKvsQ8pIb9aZMz0F2?si=nyOjalKeS7qLmn0MWdg3Aw

In the privacy world, there is no rest for the weary. In California, while most companies were just getting their programs running to address the California Consumer Privacy Act (“CCPA”), including some last minute changes to address the final version of the regulations issued in late fall 2020, the California Privacy Rights Act (“CPRA”) was officially certified on December 16, 2020 following voter approval in another privacy referendum in the November 2020 elections. CPRA sharpens…

The ICO has issued a statement confirming that organisations should immediately check to see whether they are potentially a victim of the cyber-attack carried out through the SolarWinds Orion IT management platform (see ICO statement). Initial technical research indicates that while the majority of potentially compromised users of Orion are based in the United States of America, there are significant numbers of users in the United Kingdom and EU. The versions of the software that…

Disruptive cyber-attacks aimed at supply chains are on the rise, as the recent SolarWinds security breach has so prominently brought to light. While your immediate IT infrastructure may not have been directly impacted by that breach, now may be a good time to check-in with you key service providers. If they host or in any way process digital assets on your behalf, there is reason for concern in light of the devastating SolarWinds security breach.…

Based on preliminary election results, Californians voted to enact the California Privacy Rights Act (“CPRA”), expanding and revising the California Consumer Privacy Act of 2018 (“CCPA”) effective January 1, 2023 with a one-year look-back to January 1, 2022 for some provisions. Companies around the world with business ties to California should start updating vendor contracts and prepare for new requirements under the statute and revised regulations to be issued by a new California Privacy Protection…

Partners Brian Hengesbaugh and Harry Valetk hosted Practising Law Institute’s Global Data Protection Boot Camp 2020. The program – now in its fifth year – brings together individuals charged with formulating their organization’s global privacy compliance strategy. Harry Valetk chaired the 4-hour* program, which has been designed to help privacy practitioners within every organization – legal, compliance, IT security, and audit –obtain practical information and gain insights into key substantive and procedural compliance recommendations in relation…

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory to alert companies about potential sanctions risks when making payments in response to ransomware attacks. The advisory is in response to the demand for ransomware payments during the COVID-19 pandemic as cyber criminals have severely debilitated systems that merchants rely on to continue to conduct business. A Threat to National Security Ransomware is a form of malicious software designed…

In response to the July 16, 2020 Schrems II ruling from the European Court of Justice, the US Department of Commerce has issued a formal “Standard Contractual Clauses” White Paper to help organizations assess whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling outlining the robust limits and safeguards in the United States for government access to data. Government data access safeguards post-Schrems II Following the Schrems II ruling, organizations that…

In its “Schrems II” opinion issued July 16, the Court of Justice of the European Union did not reach any findings on the EU Commission’s decisions 2001/497/EC or 2004/915/EC, i.e., the standard contractual clauses for the transfer of personal data to controllers. However, the rationale behind the CJEU’s ruling on the controller-to-processor SCCs, as well as on the EU-U.S. Privacy Shield, suggests two things with respect to controller-to-controller SCCs: The additional measures for transfers under C2P SCCs…

Digital assets vary. They can be a virtual currency that has no analog in the real world, and exists only on the blockchain used as a substitute for money. For this reason, virtual currencies are generally considered to be secure and offering a high degree of privacy. A recent decision from a US federal court of appeals, however, may cast a different light on this generally held view. USA v. Gratkowski In United States v.…