Stephen Reynolds, Author at Connect On Tech

In California Privacy Law

Indiana Passes Comprehensive Privacy Law: What Do Businesses Need to Know?

May 17, 2023 by Nick Merker, Stephen Reynolds and Helena Engfeldt 7 Mins Read

In Brief On May 1, 2023, Governor Eric Holcomb’s signed Indiana’s Consumer Data Protection Act into law, making Indiana the seventh US state to pass comprehensive consumer data privacy law — joining California, Iowa, Utah, Connecticut, Virginia, and Colorado (Tennessee has since enacted a consumer privacy statute; and Montana and Texas have passed laws that are currently awaiting their respective governors’ signatures). The Consumer Data Protection Act closely tracks prevailing trends in US state privacy…

In Cybersecurity

Ransomware Attacks: Who You Gonna Call? – TechStrongTV CISO Talk Episode

May 10, 2023 by Stephen Reynolds 1 Min Read

Every CISO knows it’s not a matter of ‘if’ a cybersecurity incident will occur, but ‘when.’ Fortunately, there’s one name at the top of every CISO’s incident response list: Stephen Reynolds, partner in Baker McKenzie’s Intellectual Property & Technology Practice. Reynolds built a well-deserved reputation as a bulwark between organizations and the cybercriminals who attack them, and he is rightly seen as the man who can make the difference between an organization living on to…

In Data Privacy & Security

China Standard Contractual Clauses: June 1 Adoption Deadline is Approaching

May 1, 2023 by Zhenyu "Jay" Ruan, Brian Hengesbaugh, Rachel Ehlers, Manisha Reddy, Adam Aft, Cynthia Cole, Nick Merker, Stephen Reynolds and Harry Valetk 2 Mins Read

In brief Companies that export personal data out of China have roughly one month to adopt China’s Standard Contractual Clauses (“SCCs”) to comply with the Cyberspace Administration of China’s (“CAC”) deadline of June 1, 2023. As outlined in previous client alerts, the SCCs are one of three mechanisms in place for cross-border data transfers from mainland China to other jurisdictions. Many multinationals will be impacted by these requirements because Chinese employment data, which is…

In Data Privacy & Security

Data Protection Day – Key developments and trends for 2023

January 26, 2023 by Benjamin Slinn, Vinod Bange, Dr Lukas Feiler, Alissa Forstner, Liz Grimwood-Taylor, Anne-Marie Allgrove, Anne Petterd, Caitlin Whale, Adrian Lawrence, Toby Patten, Guillermo José Cervio, Valentina Salas, Valentina Biondi Grane, Elisabeth Dehareng, Caroline Serbanescu, Flavia Rebello, Theo Ling, Conrad Flaczyk, Nadia Rauf, Carolina Pardo, Magalie Dansac Le Clerc, Yann Padova, Florian Tannen, Dr Michaela Nebel, Prof. Dr. Michael Schmidl, Jiří Čermák, Milena Hoffmanová, Lenka Bešťáková, Francesca Gaudino, Yuki Kondo, Daisuke Tatsuno, Kensaku Takase, Dr. Csaba Vári, Marcia Lee, Benjamin Lau, Daniel Villanueva-Plasencia, Carlos Vela-Trevino, Elvia Aragon, Nathalja Doing, Teresa Tovar, Bienvenido A. Marquez III, Frederick August I. Jose, Radoslaw Nozykowski, Patricia Pérez, Peder Oxhammar, William Höglund, Emelie Ageby Svensson, Margarita Kozlov, Johanna Moesch (Mösch), Nadine Charrière, Muriel Binder, Jo-Fan Yu, Dhiraphol Suwanprateep, Pattaraphan Paiboon, Kritiyanee Buranatrevedhya, Thananya Chaikamonsuk, Can Sozer, Yigit Acar, Ecem Elver, Aybuke Gundel, Kellie Blyth, Maher Ghalloussi, Lucrezia Lorenzini, Alex Toh, Ken Chia, Cristina Messerschmidt, Rachel Ehlers, Cynthia Cole, Brian Hengesbaugh, Stephen Reynolds, Nick Merker, Harry Valetk, Lothar Determann, Jonathan Tam, Helena Engfeldt, Maria Eugenia Salazar-Furiati, Manh Hung Tran and Jacqueline Wong 102 Mins Read

28 January 2023 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2023, Baker McKenzie’s Global Data Privacy and Security Team is pleased to present this special edition update of key data protection and privacy developments and trends across the globe, as well summarising future legislative changes, predictions, and enforcement priorities to look out for during 2023.…

In Data Privacy & Security

European Commission Moves Towards U.S. Adequacy Decision for Data Transfers

On December 13, the European Commission (“EC”) announced a draft decision on the adequacy of the U.S data protection regime to protect the personal data of European Union (“EU”) residents, the EU-U.S. Data Privacy Framework (“DPF”). The DPF, which was initially announced in March 2022 as a political agreement between the EU and the U.S., and then bolstered by President Biden’s Executive Order (“EO”) in October 2022, opens the door for an EU-U.S. data transfer…

In Data Privacy & Security

Critical Steps for Increased Legal Certainty for EU to U.S. Personal Data Flows

In March 2022, U.S. and EU leaders reached an agreement in principle on a new accord to protect data flows entitled the Trans-Atlantic Data Privacy Framework (“EU-U.S. DPF”). Today, the US Government has taken important steps to implement this critical data flow framework, and strengthen legal certainty for EU to US personal data transfers. First, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” (“EO”). The EO enhances privacy…

In California Privacy Law

United States: How to comply with CCPA while the new Agency revises Regulations

August 16, 2022 by Loic Coutelier, Lothar Determann, Helena Engfeldt, Elizabeth Gladstone, Jonathan Tam, Andrea Tovar, Vivian Tse, Tom Tysowsky, Brian Hengesbaugh, Cristina Messerschmidt, Harry Valetk, Nick Merker and Stephen Reynolds 7 Mins Read

In brief The California Privacy Rights Act of 2020 (CPRA) amended the California Consumer Privacy Act of 2018 (CCPA) with most changes taking effect on 1 January 2023 with a twelve-month look-back. Limited exceptions concerning the personal data of employees and business contacts will expire. The new California Privacy Protection Agency (CPPA) has published draft regulations that will, once finalized, expand on the rules in the statute and existing regulations from the California Attorney General. The CPPA is…

In Podcast

Podcast Episode: Class Action and Regulatory Trends: Significant Developments and Predictions

May 26, 2022 by Paul Glass, Teresa Michaud and Stephen Reynolds 1 Min Read

In this episode, Paul Glass, head of Cybersecurity in the UK, is joined by Teresa Michaud, co-chair of the North America Class Action subgroup, and Stephen Reynolds, partner based in Chicago, as they discuss consumer class actions in relation to data breaches and security incidents. Listen in to hear about: overriding themes that have characterized the last year of US class action litigationcybersecurity and data privacy trends and significant developments in the class action space,…

In Cybersecurity

Podcast Episode: Strengthening American Cybersecurity Act – What You Need to Know

May 12, 2022 by Brian Hengesbaugh and Stephen Reynolds 1 Min Read

In this episode, Brian Hengesbaugh, Global Chair of Data Privacy and Security, is joined by Stephen Reynolds, partner in Chicago, as they discuss the Strengthening American Cybersecurity Act, a law recently signed by President Biden, which requires key businesses to report certain ransomware incidents to the Cybersecurity and Infrastructure Security Agency (CISA). Listen in to hear about: An overview of the new law, including key elements such as mandatory reporting requirements, timelines and which “critical…

In Cybersecurity

Congress Publishes “Game-Changer” Breach Reporting Law, Compliance Requirements Unclear

March 18, 2022 by Cyrus R. Vance Jr., Brian Hengesbaugh, Nick Merker, Teresa Michaud, Jessica Nall, Stephen Reynolds, Jerome Tomas, Harry Valetk, Cristina Messerschmidt and Mason Clark 6 Mins Read

After years of legislative debate, Congress passed a new law requiring key businesses to report certain data breaches—or “covered incidents”—to the government. Signed by President Biden on March 15, 2022, the law, part of the Strengthening American Cybersecurity Act, requires companies that operate critical infrastructure—financial institutions, utilities, and other organizations—to share information with the Cybersecurity and Infrastructure Security Agency (CISA) about certain cybersecurity incidents within 72 hours and ransomware payments to cyber criminals within 24…