On November 12, 2020, the European Commission (“EC”) published a draft implementing decision on standard contractual clauses (“SCCs”) for the transfer of personal data to third countries pursuant to the General Data...more
12/7/2020
/ Cross-Border Transactions ,
Data Controller ,
Data Processors ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
As many organizations continue to struggle with the fallout from the July 2020 Schrems II decision from the European Court of Justice (“CJEU”), in November, the European Data Protection Board (“EDPB”) published two pieces of...more
12/2/2020
/ Audits ,
Data Transfers ,
Due Diligence ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Executive Orders ,
FISA ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
While the world anxiously awaited the results of the November 2020 U.S. federal elections, California silently passed California Proposition 24, the California Privacy Rights Act (CPRA). Labeled on the ballot simply as...more
11/13/2020
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Mapping ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Safe Harbors ,
Sensitive Personal Information
On October 28, 2020, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) issued a joint warning that they...more
10/30/2020
/ Coronavirus/COVID-19 ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Health and Human Services (HHS) ,
FBI ,
Germany ,
Health Care Providers ,
Hospitals ,
New Guidance ,
Pennsylvania ,
Ransomware
“Because that’s where the money is,” was the famous quote fictitiously attributed to Willie Sutton when asked why he robbed banks. Given the trillions of dollars held by employee benefit plans, these plans are prime targets...more
On August 14, 2018, the Brazilian government approved the Brazilian General Data Protection Law, known as the Lei Geral de Proteção de Dados Pessoais (“LGPD”). Enforcement was set to begin on August 15, 2020 but then, due to...more
9/11/2020
/ Binding Corporate Rules ,
Brazil ,
Certifications ,
Coronavirus/COVID-19 ,
Data Protection ,
Data Protection Officers (DPOs) ,
Economic Sanctions ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Noncompliance ,
Penalties ,
Personal Data
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
9/8/2020
/ Compliance ,
Corporate Counsel ,
Data Breach ,
Good Faith ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes ,
Substantial Risk of Harm
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its anxiously-awaited judgment in the Schrems II case. The CJEU’s decision upheld the Standard Contractual Clauses (SCCs) but, somewhat surprisingly,...more
7/21/2020
/ Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
Like many industries, the automotive sector was hard hit by COVID-19. With plant closures, retooling of manufacturing lines for the production of necessary personal protection equipment, and the declining purchase demand for...more
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
5/4/2020
/ CARES Act ,
Centers for Disease Control and Prevention (CDC) ,
Centers for Medicare & Medicaid Services (CMS) ,
Consumer Financial Protection Bureau (CFPB) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Popular ,
Safe Harbors ,
World Health Organization
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On March 19, 2020, the European Data Protection Board (EDPB) adopted a statement on the processing of personal data in the context of the COVID-19 outbreak. The EDPB made it clear that while the EU’s General Data Protection...more
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
4/9/2020
/ Business Interruption ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Regulatory Standards ,
Remote Working ,
Small Business ,
State of Emergency
The COVID-19 pandemic continues to disrupt business dramatically throughout the world, causing some companies to suspend operations entirely. Businesses able to remain open, in many cases, must accommodate remote-working...more
3/30/2020
/ Business Closures ,
Business Interruption ,
CARES Act ,
Coronavirus/COVID-19 ,
Federal Loans ,
Financial Stimulus ,
Paycheck Protection Program (PPP) ,
Payroll Taxes ,
Relief Measures ,
SBA ,
SBA Lending Programs ,
Securities and Exchange Commission (SEC) ,
Small Business ,
Tax Relief ,
Unemployment Insurance
As the coronavirus (also known as COVID-19) continues to impact all organizations globally and create uncertainty, cyber criminals are looking to exploit these vulnerabilities and fears and pose heightened cybersecurity...more
Beginning with the California Online Privacy Protection Act (CalOPPA) in 2004, California has led the U.S. in adopting laws to protect the privacy of its residents. California continued this trend by enacting the California...more
Under the ePrivacy Directive, in conjunction with the GDPR, the use of nonessential cookies (e.g., advertising and analytics) requires an affirmative, opt-in consent.
Pre-ticked check boxes and other defaults that do not...more
10/15/2019
/ Consent ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
Data Subjects Rights ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Germany ,
Online Gaming ,
Opt-In ,
Personal Data
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
Welcome to Foley’s new Manufacturing MarketTrends newsletter. In each edition, we will highlight key trends to watch out for in 2019, making it a year of change for manufacturers. ...more
4/18/2019
/ China ,
Cybersecurity ,
Due Diligence ,
Economic Sanctions ,
Manufacturers ,
North Korea ,
Office of Foreign Assets Control (OFAC) ,
Section 301 ,
Supply Chain ,
Tariffs ,
US Trade Policies
...On April 4, 2019, California Assembly Member Wicks proposed sweeping changes to bill AB 1760, effectively repealing the California Consumer Privacy Act of 2018 (CCPA) and replacing it with the Privacy for All Act of 2019...more
4/11/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Disclosure Requirements ,
Opt-In ,
Personal Data ,
Private Right of Action ,
Proposed Amendments ,
Regulatory Oversight ,
Right to Be Forgotten ,
Third-Party Service Provider
On January 25, 2019, the Illinois Supreme Court handed down a key ruling that will make it significantly easier for consumers and workers to sue and recover damages for mere non-compliance with the requirements of the state’s...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
New state laws that took effect January 1, 2019, likely will have a broader impact on how U.S. companies collect, process, and secure consumers’ personal information, in addition to how and when they report data breaches....more
1/11/2019
/ Consumer Privacy Rights ,
Consumer Protection Act ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Digital Service Providers ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes ,
Third-Party
On September 26, 2018, a record settlement was reached between Uber and the attorneys general of all 50 states and the District of Columbia over the company’s 2016 data breach. While this case presents an extreme example of...more
...On June 28, 2018, California passed AB 375, the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020. Introduced just a week earlier in an effort to defeat a much stricter...more
7/3/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Right to Be Forgotten ,
State and Local Government