Author

Harry Valetk


Many employers in the US are grappling with appropriate efforts to contain and protect the workforce against COVID-19. Those efforts include employee and visitor screening activities that range from requiring all personnel to provide an affirmation upon admission to a worksite to taking vital signs or other hands-on screenings. But are those screening activities lawful under applicable privacy and confidentiality laws in the US? And what should employers do when they have reason to suspect…

On February 25, 2020, the Federal Trade Commission released its 2019 Privacy and Security Update summarizing the year’s privacy and data security enforcement actions. And, by all accounts, it was a busy year for the privacy enforcement community. Privacy Enforcement Actions: The most significant FTC enforcement action in 2019 – in fact, the largest consumer privacy fine ever imposed on any company in the world – was the Commission’s $5 billion penalty against a social…

In the United States, a significant legislative trend is on the horizon for insurers in 2020: a new breed of state privacy and cybersecurity laws. In the absence of federal intervention, a growing number of state legislatures are enacting laws and regulations modeling California’s Consumer Privacy Act for all businesses, and, in parallel, prescribing privacy and cybersecurity requirements directed at insurers. To help insurers stay ahead of the curve, we summarize below several cybersecurity measures…

On February 7, 2020, the California Attorney General released its revised draft implementing regulations for the California Consumer Privacy Act. The revised regulations are not yet final. The California AG will accept written comments regarding the updated regulations until 5:00 pm (PST) on Tuesday, February 25, 2020. The following is a high-level overview of the key new requirements under the updated regulations that are important for businesses to consider in connection with their CCPA compliance…

At midnight on January 31, 2020, the United Kingdom’s law formally governing its exit from the European Union went into effect. From a data protection perspective, however, Brexit has not resulted in any changes in law. In fact, the EU Withdrawal Agreement implements a transition period to resolve post-Brexit concerns and other formalities through December 31, 2020. During that time period, most EU law (including GDPR) will continue to apply, and, presumably, the UK will…

On January 7, 2020, the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) announced its 2020 Examination Priorities that included cybersecurity practices. Soon after the publication of the OCIE Examination Priorities, on January 27, 2020, OCIE followed up with a report entitled Cybersecurity and Resiliency Observations. These two OCIE releases, along with prior SEC alerts and actions, provide strong indications that the SEC, in 2020, will be ramping up its focus…

In recent years, South Korea has become synonymous with some of the strictest data protection laws and regulatory requirements in the region. The laws are regulated by the Korea Communications Commission (KCC), the Ministry of the Interior and Safety (MOIS), and other sector-specific supervisory authorities. Recent amendments to these three laws have resulted in stricter penalties, as well as criminal prosecution for data security breaches. Privacy Officer found guilty of criminal negligence for failing to…

The Federal Trade Commission (FTC) finalized settlements with five companies for claiming EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield certification. Those companies included organizations focused on providing workforce solutions, collaboration platforms, artificial intelligence analytics, clinical trial management, and other IT providers. The actions: In each case, the FTC alleged that each company wrongfully claimed current certification under either the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield. Both frameworks establish a mechanism for companies to legally…

The Federal Trade Commission finalized a settlement with cloud software provider InfoTrax Systems, L.C. following claims that it failed to enact sufficient data security policies, enabling a hacker to access sensitive personal data. The security incident: According to the FTC, a hacker was able to access InfoTrax Systems’ server over 20 times from May 2014 to March 2016, successfully obtaining sensitive personal data, which could be used to commit identity theft and fraud. The FTC…

What does this mean for covered businesses? Two important privacy law developments took place last week in California. On 10 October 2019, the California Attorney General (AG) published its proposed regulations under the California Consumer Privacy Act (CCPA), and on 11 October 2019, Governor Gavin Newsom signed several bills that were passed in mid-September amending the CCPA (click here for a summary of those amendments). In this alert, we summarize some of the key requirements…