Category

Data Privacy & Security

Category

The roller coaster of comprehensive state data privacy laws continues in earnest. California has now double dipped: first with the California Consumer Privacy Act (CCPA) and second with the California Privacy Rights Act (CPRA). With all eyes on New York, Washington State, and other potential early movers for more state legislation, Virginia has surprised the nation by coming out very quickly with its own version of comprehensive privacy law, which Governor Ralph Northam signed into…

In this Mobility Minute, immigration attorney Matthew Gorman and data privacy attorney Cristina Messerschmidt team up to examine the issue of data privacy, or lack thereof, at US ports of entry, including international airports. We will review a recent court decision that appears to further minimize protections for travelers entering the United States, as well as consider what can be done to protect sensitive data, if anything, and how a potential COVID vaccination chip and…

Florida’s governor, Ron DeSantis, and the speaker of the state’s house of representatives, Chris Sprowls, each recently highlighted proposed new privacy legislation in Florida that resembles the California Consumer Privacy Act (CCPA). This has landscape-changing potential, as House Bill 969 is the first CCPA-like proposal endorsed by a Republican governor. The bill the governor and speaker lauded was filed on February 15th, and if passed would become effective on January 1, 2022. Application/Exceptions House Bill…

The Empire State is making waves in the world of privacy with the introduction of its own version of the now infamous California Consumer Privacy Act (CCPA).  SB 567, which was introduced on January 6, 2021, is New York’s attempt to introduce new consumer rights with respect to personal information, as well as regulate the sale of consumer personal information to third parties.  Notably, the Bill also introduces a private right of action for consumers…

The European Data Protection Board (EDPB) recently published the draft Guidelines on Examples Regarding Data Breach Notification, a document that encompasses eighteen examples of data security incidents, on a spectrum of risk and necessary mitigating measures.  Each example concludes with recommended actions based on the identified risks, mainly: recording the incident in the organization’s internal register, notifying the organization’s supervisory authority, and notifying affected individuals.  The Guidelines are currently open for public consultation. The Guidelines…

Privacy professionals must answer mission-critical questions daily. Is it OK to share data with this strategic third party? Can we deploy this new marketing feature? Can we place this function in the cloud? Can we deploy this new monitoring tool into our workforce environment? Are we required to delete this data, and if so, what does this mean? Do we need to notify regulators and individuals of this event? Over the years, I’ve observed that…

Adding to an emerging trend of federal cases addressing privilege in the context of forensic reports, the DC District Court ruled last month that forensic reports created in response to a cybersecurity incident were not subject to attorney-client privilege nor attorney work product protection because the reports were created in the ordinary course of business. This decision has significant implications for organizations preparing to respond to cybersecurity incidents and continues a pattern of increased scrutiny…

Happy Data Protection Day! The 28 January each year is celebrated as Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2021, we have summarised some of the key trends and developments in the EU, UK and beyond from a data protection perspective and looking ahead to what to expect for 2021. You can jump to specific country…

Many bold decisions were taken by TMT players in 2020 to protect their workforces and to ensure that they continue to be able to deliver technology, connectivity and digital transformation across sectors. Significant trends are now expected to impact the TMT industry in 2021. In the 2021 edition of TMT Looking Ahead, our industry expert lawyers identify key global trends, provide helpful insights and offer practical tips for TMT businesses in the following areas: Digital Transformation…

There have been a number of EU and UK developments affecting transfers of personal data. We summarise the key ones below and set out some practical steps to take in light of these developments. Any organisation which transfers personal data to or from the EU27 will need to work out what changes are required to address these new developments. We won’t have full clarity until the European Commission and EDPB finalise their current drafts but…