Welcome to the latest edition of Updata – the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team.
Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
The year 2023 will continue to have cybersecurity and data privacy front of mind for General Counsels. With sweeping new US and global laws and regulations coming online and the California Privacy Protection Agency (CPPA)...more
3/3/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Sensitive Personal Information
On February 1, 2023, the Colorado Division of Insurance (CDI) released a draft of the first of several regulations to implement S.B. 21-169, Colorado’s 2021 law prohibiting insurers from using external consumer data and...more
Connecticut’s new consumer privacy law imposes enhanced privacy disclosures and assessment requirements on businesses, and provides consumer rights similar to those in Europe’s GDPR, the California Privacy Rights Act (CPRA),...more
5/18/2022
/ Consumer Privacy Rights ,
Data Privacy ,
Exemptions ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Jurisdiction ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
On March 24, 2022, the Utah governor signed a consumer privacy law (the Utah Consumer Privacy Act, UCPA), marking the fourth state law to create enhanced data privacy rights and protections for consumers. The law will go into...more
There are many similarities between the Colorado Privacy Act (ColoPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data privacy Act (VCDPA), and Europe’s GDPR,...more
7/15/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Protection ,
Data Subjects Rights ,
Enforcement Authority ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Jurisdiction ,
Personal Data ,
Sensitive Personal Information ,
Standard Contractual Clauses ,
State Privacy Laws ,
Statutory Violations
If you transfer personal data from the EU/UK to countries which lack a so-called “adequacy” determination, like the US or India, or if your trusted service providers do, the Schrems II European Court decision has seismic...more
8/6/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
If you transfer data from the EU to the US, or if your trusted service providers do, the Schrems II European Court decision1 has seismic significance - even if you do not rely on Privacy Shield.
On July 16, 2020, the Court...more
7/29/2020
/ Binding Corporate Rules ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
While the California Consumer Privacy Act (CCPA) and its potential amendments are still a top concern for businesses, other states are showing that they will not be left behind when it comes to enhanced privacy legislation....more
6/7/2019
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Pending Legislation ,
Personal Data ,
Privacy Laws ,
Private Right of Action ,
Proposed Amendments ,
Proposed Legislation
Companies in all industries and of all sizes are increasingly using biometric data—fingerprints, voiceprints, and facial structure, to name three—as a faster, more reliable, and more economical alternative to passwords and...more
4/12/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
Consent ,
Data Collection ,
Data Privacy ,
Extraterritoriality Rules ,
Facial Recognition Technology ,
Fingerprints ,
Gramm-Leach-Blilely Act ,
IL Supreme Court ,
Notice Requirements ,
Personal Data ,
Private Sector ,
Risk Mitigation ,
Standard of Care
As predicted, the start of 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments during 2018. This past month alone, in a blizzard of activity, regulators amended regulations and...more
2/5/2019
/ Biometric Information Privacy Act ,
CareFirst ,
Class Action ,
CNIL ,
Corporate Fines ,
Cybersecurity ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Google ,
Information Systems Security Program (ISSP) ,
Injury-in-Fact ,
National Futures Association ,
Personal Data ,
Popular ,
State Data Breach Notification Statutes ,
Yahoo!
Companies not based in the European Union (EU) now have additional guidance to help them determine whether they have to comply with the General Data Protection Regulation (GDPR). The European Data Protection Board (EDPB), the...more
On June 28, 2018, California passed a sweeping new privacy bill, AB 375, now known as the California Consumer Privacy Act of 2018 (CCPA).
The California legislature passed the bill in the morning and the governor signed...more
The General Data Protection Regulation (GDPR) took effect after two years of anticipation and preparation by many, but far from all, affected companies across the world. The GDPR is a new data protection and privacy law that...more
With enactment of the Personal Information Protection Act (PIPA), Bermuda can now count itself among the ever-expanding list of jurisdictions with enhanced privacy protections. PIPA, passed on July 27, 2016, and entered into...more
4/13/2018
/ Bermuda ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
Fines ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Penalties ,
Personal Data ,
Personal Information Protection Act ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On June 19, a jury sitting in federal court in the United States District Court for the Northern District of California awarded plaintiffs $60 million after finding that the defendant, TransUnion, LLC, violated provisions of...more
On February 2, 2016, the European Commission (EC) and the U.S. Department of Commerce (Commerce) announced that they had reached agreement on a new data transfer safe harbor arrangement for the transfer of personal data from...more
2/12/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Judicial Redress Act ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework