Category

Data Privacy & Security

Category

On midnight January 31, 2020, the United Kingdom’s law formally governing its exit from the European Union went into effect.  From a data protection perspective, however, Brexit has not resulted in any changes in law.  In fact, The EU Withdrawal Agreement implements a transition period to resolve post Brexit concerns and other formalities through December 31, 2020.  During that time period, most EU law (including GDPR) will continue to apply, and, presumably, the UK will…

In the flurry of bills relating to the California Consumer Privacy Act (CCPA), the California Legislature also enacted a law requiring data brokers to register, following a similar (but not identical) law in Vermont (see, https://iapp.org/news/a/analysis-vermonts-data-broker-regulation/) and attention by Congress, the FTC and advocates to data brokers in prior years (https://iapp.org/news/a/ftc-calls-for-legislative-action-to-regulate-data-brokers/). California lawmakers placed the broker law right before CCPA in the California Civil Code and clarified in Cal. Civ. Code §1798.99.88 that “Nothing ……

On January 7, 2020, the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) announced its 2020 Examination Priorities that included cybersecurity practices. Soon after the publication of the OCIE Examination Priorities, on January 27, 2020, OCIE followed-up with a report entitled Cybersecurity and Resiliency Observations These two OCIE releases, along with prior SEC alerts and actions, provide strong indications that the SEC, in 2020, will be ramping up its focus…

In this episode, your host Brian Hengesbaugh is joined by Benjamin Slinn, a senior associate in our London office, to discuss how data protection may look in a post-Brexit Europe. In this episode, you will learn about: What to expect during the transition period, which lasts until December 31, 2020Potential changes in international data transfers after the transition period expiresPractical steps from a data protection perspective that companies should consider taking to prepare for the end…

After January 31, 2020 the UK ceases to be a Member State of the European Union and, under the terms of the Withdrawal Agreement agreed between the UK and the EU-27, a transition period applies until December 31, 2020. From a data protection perspective, this has a number of implications. We have summarised the key points below, including what happens after the UK leaves the EU on January 31, the implications for international data transfers,…

In recent years, South Korea has become synonymous with some of the strictest data protection laws and regulatory requirements in the region. The laws are regulated by the Korea Communications Commission (KCC), the Ministry of the Interior and Safety (MOIS), and other sector-specific supervisory authorities. Recent amendments to these three laws have resulted in stricter penalties, as well as criminal prosecution for data security breaches. Privacy Officer found guilty of criminal negligence for failing to…

For many companies, January 1, 2020 became synonymous with the operative date of the California Consumer Privacy Act. However, manufacturers of Internet-connected devices must also keep in mind legislation that was signed into law on September 28, 2018 and became operative on January 1, 2020. This new law (2018 Cal. Legis. Serv. Ch. 886 (S.B. 327) (to be codified at Cal. Civ. Code § 1798.91.04(a)) (“IoT Law”) makes California the first state to specifically regulate…

The Federal Trade Commission (FTC) finalized settlements with five companies for claiming EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield certification. Those companies included organizations focused on providing workforce solutions, collaboration platforms, artificial intelligence analytics, clinical trial management, and other IT providers. The actions In each case, the FTC alleged that each company wrongfully claimed current certification under either the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield. Both frameworks establish a mechanism for companies to legally…

On January 8, 2020 the ICO published its draft Direct Marketing Code of Practice for public consultation, which is open until 4 March 2020. We are summarized the status of the draft code, the key areas which are new compared to the ICO’s current direct marketing guidance, and the next steps. What is the draft code and its status? The Information Commissioner is required to publish a statutory direct marketing code under the Data Protection…