Michael Egan, Author at Connect On Tech

In Data Privacy

Protecting Privilege over Forensic Incident Reports in Data Breach Cases

February 2, 2021 by Brian Hengesbaugh, Michael Egan, Brian Whisler, Cristina Messerschmidt and Dominic Panakal 6 Mins Read

Adding to an emerging trend of federal cases addressing privilege in the context of forensic reports, the DC District Court ruled last month that forensic reports created in response to a cybersecurity incident were not subject to attorney-client privilege nor attorney work product protection because the reports were created in the ordinary course of business. This decision has significant implications for organizations preparing to respond to cybersecurity incidents and continues a pattern of increased scrutiny…

In California Privacy Law

The California Privacy Rights Act: High-Level Comparison to the CCPA

January 5, 2021 by Brian Hengesbaugh, Michael Egan, Harry Valetk, Cristina Messerschmidt, Jonathan Tam, Lothar Determann and Helena Engfeldt 4 Mins Read

In the privacy world, there is no rest for the weary. In California, while most companies were just getting their programs running to address the California Consumer Privacy Act (“CCPA”), including some last minute changes to address the final version of the regulations issued in late fall 2020, the California Privacy Rights Act (“CPRA”) was officially certified on December 16, 2020 following voter approval in another privacy referendum in the November 2020 elections. CPRA sharpens…

In Data Privacy

SolarWinds Fallout Warrants Vendor Pulse Check

December 22, 2020 by Brian Hengesbaugh, Michael Egan, Mike Stoker, Jerome Tomas and Harry Valetk 4 Mins Read

Disruptive cyber-attacks aimed at supply chains are on the rise, as the recent SolarWinds security breach has so prominently brought to light. While your immediate IT infrastructure may not have been directly impacted by that breach, now may be a good time to check-in with you key service providers. If they host or in any way process digital assets on your behalf, there is reason for concern in light of the devastating SolarWinds security breach.…

In California Privacy Law

California Privacy Rights Act enacted by Popular Ballot at General Election

November 17, 2020 by Lothar Determann, Brian Hengesbaugh, Ed Totino, Jonathan Tam, Michael Egan, Helena Engfeldt, Teresa Michaud, Harry Valetk and Andrea Tovar 7 Mins Read

Based on preliminary election results, Californians voted to enact the California Privacy Rights Act (“CPRA”), expanding and revising the California Consumer Privacy Act of 2018 (“CCPA”) effective January 1, 2023 with a one-year look-back to January 1, 2022 for some provisions. Companies around the world with business ties to California should start updating vendor contracts and prepare for new requirements under the statute and revised regulations to be issued by a new California Privacy Protection…

In Data Privacy

What ‘Schrems II’ means for controller-to-processor SCCs

July 20, 2020 by Michael Egan and Francesca Gaudino 2 Mins Read

The decision by the Court of Justice of the European Union in “Schrems II” provides that the controller-to-processor standard contractual clauses are a viable mechanism for data transfers from the EU to third countries but identified further conditions that need to be considered when implementing them to address the requirement to provide “adequate protection” to such transfers. The CJEU put the onus on data exporters to determine whether the exporter’s implementation of the C2P SCCs…

In California Privacy Law

CPRA Set for November Ballot

June 25, 2020 by Brian Hengesbaugh, Michael Egan, Amy de La Lama, Harry Valetk, Cristina Messerschmidt, Brandon Moseberry and Lothar Determann 3 Mins Read

For those privacy buffs following the status of the California Privacy Rights Act ballot initiative (CPRA), today is the much-anticipated deadline to officially decide whether the CPRA will qualify for the Fall 2020 ballot in November. The final answer? Yes, it will. Background CPRA (which was introduced by the Californians for Consumer Privacy in January 2020) is a ballot initiative that would both expand the scope of the existing California Consumer Privacy Act (CCPA) and…

In California Privacy Law

California Attorney General Submits CCPA Proposed Regulations for Expedited Review

June 3, 2020 by Brian Hengesbaugh, Brandon Moseberry, Harry Valetk, Amy de La Lama, Michael Egan, Lothar Determann, Cristina Messerschmidt and Gary Hunt 1 Min Read

On June 1, 2020, in a surprise, last-minute filing, the office of the California Attorney General submitted the final CCPA final California Consumer Privacy Act (CCPA) proposed regulations to the California Office of Administrative Law (OAL). What does this mean for businesses subject to the CCPA? Under normal circumstances, the OAL would have 30 days to review the proposed regulations for procedural compliance with California’s Administrative Procedure Act; however due to the COVID-19 pandemic, this timeframe…

In California Privacy Law

New Revisions to the CCPA Draft Implementing Regulations: Key Updates for Businesses

March 26, 2020 by Brian Hengesbaugh, Amy de La Lama, Michael Egan, Harry Valetk, Lothar Determann, Vincent Schroder, Mike Stoker and Gary Hunt 3 Mins Read

On March 11, 2020, the California Attorney General released another set of revisions to the California Consumer Privacy Act (CCPA) draft implementing regulations. The regulations are not yet finalized (a public comment period for this most recent version is open until March 27, 2020), but below we highlight key changes and takeaways for businesses under the latest version of the regulations. Note that this round of revisions to the regulations largely consist of updates to…

In Data Privacy

COVID-19 and the Cybersecurity and Privacy Risks in Increased Teleworking

March 13, 2020 by Michael Egan, Brian Hengesbaugh, Amy de La Lama, Brandon Moseberry and Harry Valetk 5 Mins Read

With the advent of the novel coronavirus COVID-19, many organizations around the world are undergoing a seismic shift on an accelerated timeline towards telework or remote working for some or all employees. In addition to ensuring that the networks, VPNs, and other IT resources are capable of supporting such a shift, organizations that have not built such teleworking into their disaster preparedness plans should be aware of, and take steps to mitigate, the cybersecurity and…

In Data Privacy

Employee and Visitor Screenings: A Privacy Guide for US Employers Dealing with COVID-19

March 9, 2020 by Brian Hengesbaugh, Harry Valetk, Amy de La Lama, Brandon Moseberry and Michael Egan 6 Mins Read

Many employers in the US are grappling with appropriate efforts to contain and protect the workforce against COVID-19. Those efforts include employee and visitor screening activities that range from requiring all personnel to provide an affirmation upon admission to a worksite to taking vital signs or other hands-on screenings. But are those screening activities lawful under applicable privacy and confidentiality laws in the US? And what should employers do when they have reason to suspect…