Category

Data Privacy & Security

Category

Based on preliminary election results, Californians voted to enact the California Privacy Rights Act (“CPRA”), expanding and revising the California Consumer Privacy Act of 2018 (“CCPA”) effective January 1, 2023 with a one-year look-back to January 1, 2022 for some provisions. Companies around the world with business ties to California should start updating vendor contracts and prepare for new requirements under the statute and revised regulations to be issued by a new California Privacy Protection…

Digital transformation enables organizations to better understand and manage the data they hold, and has now become intertwined with the concept of business agility. Our new 2020 Digital Transformation & Cloud Survey: The Future of Enterprise Data explores the links between digital transformation and the use of data through a global lens of respondents in legal, technology and procurement roles, across a large cross-section of major industries. In this post, we draw out the benefits…

Partners Brian Hengesbaugh and Harry Valetk hosted Practising Law Institute’s Global Data Protection Boot Camp 2020. The program – now in its fifth year – brings together individuals charged with formulating their organization’s global privacy compliance strategy. Harry Valetk chaired the 4-hour* program, which has been designed to help privacy practitioners within every organization – legal, compliance, IT security, and audit –obtain practical information and gain insights into key substantive and procedural compliance recommendations in relation…

In today’s digital economy, companies are seeking ways to leverage the data they collect. From contracts to privacy and intellectual property, there are many issues at stake for which businesses should seek guidance to avoid common pitfalls and adhere to best practices. Another equally relevant business opportunity: using influencers on social media to boost brand recognition and sales. This session will also cover the mistakes to avoid in the increasingly scrutinized field of influencer advertising,…

In two decisions on October 6, 2020, the Court of Justice of the European Union (CJEU) has once again provided a strict framework for national surveillance laws applicable to electronic communications and online service providers, and the investigative and intelligence measures related thereto.  This is the second time since July (C-311/18, “Schrems II” which has invalidated the “Privacy Shield”  due to the inadequacies of the US law) that the CJEU has ruled on these issues.…

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory to alert companies about potential sanctions risks when making payments in response to ransomware attacks. The advisory is in response to the demand for ransomware payments during the COVID-19 pandemic as cyber criminals have severely debilitated systems that merchants rely on to continue to conduct business. A Threat to National Security Ransomware is a form of malicious software designed…

In response to the July 16, 2020 Schrems II ruling from the European Court of Justice, the US Department of Commerce has issued a formal “Standard Contractual Clauses” White Paper to help organizations assess whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling outlining the robust limits and safeguards in the United States for government access to data. Government data access safeguards post-Schrems II Following the Schrems II ruling, organizations that…

Questions continue to arise over the interplay of the second Payment Services Directive (PSD2) with the General Data Protection Regulation (GDPR). Both PSD2 and the GDPR are complex legislation and the relationship between distinct provisions of each law and how they work together is not altogether clear, which has led to uncertainty for payment service providers, including banks. For example, when is “consent” required to access payment data and what does consent mean? To this…

**Originally published by Bloomberg Law.** On July 1, 2020 California’s attorney general started enforcing the California Consumer Privacy Act by sending letters to companies with requests to cure alleged violations, as contemplated by the CCPA. The legislation took effect on Jan. 1, 2020, as part of the California Civil Code, and called on the attorney general to enforce the law within six months of enacting regulations or July 1, 2020 the latest. The CCPA regulations…

On 10 July 2020, the Colombia National Police Intelligence Directorate (DIPOL) initiated a public bidding process for the procurement of an AI based cyber-intelligence system for DIPOL. Such system would provide the police with access to social media accounts and instant messaging services. The cyber intelligence system should allow the dynamic monitoring of activity in social media and instant messaging networks that have public links. Additionally, the system should allow the identification of the following…