Why should I read this?
A new UK-US data bridge will be available to businesses in the UK looking to transfer personal data to organizations in the United States certified under the UK Extension to the EU-US Data Privacy...more
9/26/2023
/ Corporate Counsel ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Privacy Framework ,
Privacy Laws ,
Standard Contractual Clauses ,
UK ,
UK GDPR ,
US-EU Safe Harbor Framework
On Wednesday February 1, 2023, the NAIC Privacy Protections Working Group (the Working Group) released a draft of a new model law for comment, the Insurance Consumer Privacy Protection Model Law (#674) (the Proposal), which...more
2/10/2023
/ California Consumer Privacy Act (CCPA) ,
Data Security ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
NAIC ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Rules ,
Working Groups
Connecticut’s new consumer privacy law imposes enhanced privacy disclosures and assessment requirements on businesses, and provides consumer rights similar to those in Europe’s GDPR, the California Privacy Rights Act (CPRA),...more
5/18/2022
/ Consumer Privacy Rights ,
Data Privacy ,
Exemptions ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Jurisdiction ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
Welcome to the latest edition of Updata - the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team.
Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
7/16/2021
/ Adequacy Requirement ,
China ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Protection Authority ,
Data Retention ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Netherlands ,
Personal Data ,
Proposed Legislation ,
Russia ,
Social Media ,
Spain ,
Standard Contractual Clauses ,
UK
There are many similarities between the Colorado Privacy Act (ColoPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data privacy Act (VCDPA), and Europe’s GDPR,...more
7/15/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Protection ,
Data Subjects Rights ,
Enforcement Authority ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Jurisdiction ,
Personal Data ,
Sensitive Personal Information ,
Standard Contractual Clauses ,
State Privacy Laws ,
Statutory Violations
On March 2, 2021, Governor Northam signed the Virginia Consumer Data Protection Act (CDPA or the Act) making it the country’s second comprehensive data privacy legislation following California’s Consumer Protection Act of...more
3/5/2021
/ California Consumer Privacy Act (CCPA) ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Acts ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Governor Northam ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
State Data Privacy Laws
On the 10 February 2021, ambassadors in the Council of the European Union Permanent Representatives Committee (COREPER) announced it had agreed a negotiating mandate on a draft ePrivacy Regulation (“the ePrivacy Regulation”)....more
It was a tumultuous year for privacy and cybersecurity, and further uncertainty is all but guaranteed. The key to navigating this volatility, as 2020 proved, is to develop and maintain a proactive, agile and holistic data...more
2/10/2021
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cryptocurrency ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
NAIC ,
Popular
Hopes that privacy regulators and litigants would grant a reprieve to businesses during the COVID-19 pandemic may prove ill-founded. On July 21, 2020, the New York Department of Financial Services announced its first...more
If your company, like many other US insurance companies, has an EU or UK affiliate or parent, and you transfer personal data to the US, including employee data or even data of US persons, or if your trusted service providers...more
If you transfer personal data from the EU/UK to countries which lack a so-called “adequacy” determination, like the US or India, or if your trusted service providers do, the Schrems II European Court decision has seismic...more
8/6/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
If you transfer data from the EU to the US, or if your trusted service providers do, the Schrems II European Court decision1 has seismic significance - even if you do not rely on Privacy Shield.
On July 16, 2020, the Court...more
7/29/2020
/ Binding Corporate Rules ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On October 11, 2019, the California Attorney General issued long-awaited draft Regulations to the California Consumer Privacy Act (CCPA). The draft Regulations provide helpful clarity on some core aspects of California’s...more
10/18/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Right to Delete ,
State Attorneys General
As predicted, the start of 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments during 2018. This past month alone, in a blizzard of activity, regulators amended regulations and...more
2/5/2019
/ Biometric Information Privacy Act ,
CareFirst ,
Class Action ,
CNIL ,
Corporate Fines ,
Cybersecurity ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Google ,
Information Systems Security Program (ISSP) ,
Injury-in-Fact ,
National Futures Association ,
Personal Data ,
Popular ,
State Data Breach Notification Statutes ,
Yahoo!
Companies not based in the European Union (EU) now have additional guidance to help them determine whether they have to comply with the General Data Protection Regulation (GDPR). The European Data Protection Board (EDPB), the...more
As this eventful year for new privacy and cybersecurity regulations winds down, multinational companies still need to look ahead to new regulations that will come online in 2019, including Vietnam’s Law on...more
12/5/2018
/ Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Corporate Counsel ,
Covered Entities ,
Cybersecurity ,
Foreign Corporations ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Pending Legislation ,
Personal Data ,
Popular ,
Vietnam
Malaysia will soon be joining the growing number of global jurisdictions that are adding specific data breach notification requirements to companies operating in Malaysia, re-emphasizing the need for multinational companies...more
The number and severity of cyberattacks are on the rise, and companies simply cannot rely on their governments to protect them. In fact, quite the opposite is true....more
On June 28, 2018, California passed a sweeping new privacy bill, AB 375, now known as the California Consumer Privacy Act of 2018 (CCPA).
The California legislature passed the bill in the morning and the governor signed...more
The General Data Protection Regulation (GDPR) took effect after two years of anticipation and preparation by many, but far from all, affected companies across the world. The GDPR is a new data protection and privacy law that...more
With enactment of the Personal Information Protection Act (PIPA), Bermuda can now count itself among the ever-expanding list of jurisdictions with enhanced privacy protections. PIPA, passed on July 27, 2016, and entered into...more
4/13/2018
/ Bermuda ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
Fines ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Penalties ,
Personal Data ,
Personal Information Protection Act ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
As part of the recently enacted federal spending bill, the US Congress has passed a momentous piece of legislation directly affecting providers of electronic communication services like email service providers and social...more
What is the problem?
Belgian researchers have published information about a vulnerability in the most popular WiFi encryption protocol that makes monitoring of all communications possible, except those communications that...more
The UK is committed to promoting itself as a global data protection gateway, with high standards of data protection law and practice, according to the UK Information Commissioner’s Office’s (ICO) newly released international...more