Tag: Compliance

Join us for an in-person event with special guest, EEOC Commissioner Keith Sonderling. Commissioner Sonderling is recognized for his thought leadership on inclusive AI. He is at the forefront of advocating for rational AI enforcement that meets the mandate of equality without disrupting innovation. He has noted the value of learning the perspectives of innovators, and legal and human resource professionals in this space through an open dialogue. A brief introduction video to Commissioner Sonderling can be found here.…

Businesses that have implemented compliance measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (“CCPA”) can leverage existing vendor contract terms, website disclosures and data subject right processes to satisfy requirements under Nevada’s Revised Statutes Chapter 603A (www.leg.state.nv.us/Division/Legal/LawLibrary/NRS/NRS-603A.html). Most companies will not need to expand the scope of CCPA-focused privacy notices, because the Nevada laws are much more narrowly framed. But, companies may…

*Article originally posted on IAPP.org* On Aug. 31, hopes were dashed when the California legislative session ended without enacting Assembly Bill 1102. The bill would have extended grace periods for certain business-to-business and human resources personal information under the California Consumer Privacy Act as amended by the California Privacy Rights Act. CCPA/CPRA will become fully operational on Jan. 1, 2023, for B2B and HR personal information and will be subject to the same rigorous California privacy regulations…

Records and data retention can be complicated, particularly when balancing competing statutory requirements from around the globe, industry best practices, business needs, and the growing importance of privacy considerations. When faced with these realities, many organizations seek solutions that will make retention easier and more streamlined. While there are several ways to achieve this, organizations need to proceed with caution when choosing which aspects of their retention policies and procedures to simplify. One aspect organizations…

In recent years, the world of cross-border data flows has changed dramatically, driven by the exponential growth of data and the increasing ability and desire to harness and exploit it, as well as the growing number of regulatory developments that have created a patchwork of varying approaches across jurisdictions, which organizations must now navigate. Cross-border data transfers have become an increasingly complex issue, intersecting different areas of regulatory focus, including not only privacy and cybersecurity,…

Numerous data privacy and security laws govern the private sector’s collection and use of health data in the USA. These laws vary in scope and substance but some combination of them would probably apply to your company if, for example, it does any of the following in the country: Diagnoses or treats patients’ health conditions; Offers an app intended to promote the health or wellness of consumers; Provides health insurance or helps to process health insurance claims; Collects…

After years of legislative debate, Congress passed a new law requiring key businesses to report certain data breaches—or “covered incidents”—to the government. Signed by President Biden on March 15, 2022, the law, part of the Strengthening American Cybersecurity Act, requires companies that operate critical infrastructure—financial institutions, utilities, and other organizations—to share information with the Cybersecurity and Infrastructure Security Agency (CISA) about certain cybersecurity incidents within 72 hours and ransomware payments to cyber criminals within 24…

In Brief: China has strengthened its commitment to protect personal information by adopting the new Personal Information Protection Law (PIPL 《中华人民共和国个人信息保护法》) which gives data subjects the power to control and determine how, with whom and for what purposes their personal information can be shared, analyzed or handled. Our Firm has previously released a more detailed discussion on the PIPL, which took effect on 1 November 2021. In the context of compliance investigations, typical activities can include accessing and…

On Wednesday, October 6, 2021, Baker McKenzie partners Harry Valetk and Brian Hengesbaugh, Global Chair of the Firm’s Data Privacy & Security Business Unit, presented at the Global Data Protection Boot Camp 2021 hosted by the Practising Law Institute. The boot camp boasted an impressive line-up of data privacy experts from both government and industry to share practical insights. The half-day program was comprised of the following four segments: Introduction and Legislative Developments in Data Protection Laws; Nuts and Bolts…

Whether you want to call it “design thinking,” “human-centered design,” or “user experience design,” the approach, goals, and strategy are all very much the same. It is a way of putting the user at the centre of your design process every step of the way, to develop and deliver the best possible solution and experience. While user experience is often thought of through the lens of providing customers with products or services, there is no…