Many supervisory authorities across Europe have reported increasing numbers of data breach notifications since the introduction of GDPR. While most companies are now familiar with the 72-hour reporting obligation for...more
2/1/2021
/ Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Employee Training ,
Employer Liability Issues ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Notification Requirements ,
Policies and Procedures
Many in the world have been watching the Brexit deal closely, including privacy lawyers and others who deal with global data transfers. Under the recently-announced deal, a temporary solution will allow companies to continue...more
12/29/2020
/ Cross-Border Transactions ,
Data Protection ,
Data Transfers ,
EU ,
European Economic Area (EEA) ,
Exceptions ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
UK ,
UK Brexit
By ballot initiative, California residents recently approved Proposition 24, or the California Privacy Rights Act (CPRA), with approximately 56 percent voting in favor. CPRA significantly amends the CCPA by expanding...more
By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would...more
Companies who transfer data from the EU to the U.S. are struggling to determine the appropriate basis under which they can make these transfers. Continuing our examination of the outcome of this decision, we think now about...more
On July 16, 2020, in the case colloquially known as “Schrems II,” the Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield, finding it an invalid mechanism for transferring data from the EU to...more
On June 1, 2020, the California AG submitted the final text of the proposed CCPA regulations to the Office of Administrative Law (OAL). There were no changes to the final text from the last version released in March, which we...more
At the end of March, Washington, D.C. signed the Security Breach Protection Amendment Act of 2019, which adds some significant changes to D.C.’s existing data breach law, first enacted in 2007. The law is projected to take...more
During COVID-19, in certain areas of the law, we have seen significant flexibility from regulators and government agencies in how they are addressing typical approval processes and/or compliance requirements. In the context...more
A number of private and government entities have released apps and software development kits (SDKs) relying on location tracking data to help tackle the COVID-19 pandemic. While the use of such technologies are being hotly...more
On March 11, 2020, the second set of modifications (or the third version) of the CCPA draft regulations were released. While the number of substantive changes dwindled in this version, there are a number of drafting...more
The FTC recently summarized three major changes it made to its orders in data security cases. In a blog signaling these changes, the FTC Indicated that some of the things it has been requiring of companies in 2019 are here to...more
1/15/2020
/ C-Suite Executives ,
Certificates of Compliance ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Encryption ,
Federal Trade Commission (FTC) ,
Information Security ,
Internal Data Controls ,
Security Risk Assessments ,
Third-Party Liability
The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to...more
The FTC recently settled with Infotrax Systems, L.C. a technology company providing software to the direct sales industry. The settlement followed a breach suffered by the company, and involved allegations the company had...more
11/21/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Software Developers ,
Technology Sector
Effective October 1, 2019, organizations providing health insurance and related services must notify the Maryland Insurance Administration as part of its breach notification requirements.
In August 2019, the Maryland...more