On December 18, 2020, the Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking (NPRM) to establish new requirements for convertible virtual currency (CVC) and legal tender digital asset (LTDA)...more
The massive SolarWinds security breach, which affected not only the private sector, but federal, state and local governments, has caused some to question whether to share data with the government. On Friday, December 18, the...more
As tens of billions of additional Internet of Things (IoT) devices are poised to enter the market and infuse our supply chains, on December 4, 2020, President Donald Trump signed the first-ever federal law governing IoT...more
Working from home since the onset of the pandemic, you check your social media on a work laptop, in violation of your company’s Acceptable Use Policy. Have you just committed a federal crime?...more
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA), by approximately 56-44%. This act will amend and supersede the still recent California Consumer Privacy Act (CCPA), once...more
11/10/2020
/ Administrative Agencies ,
Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Cybersecurity ,
Enforcement Authority ,
Minors ,
New Legislation ,
Opt-Outs ,
Personal Information ,
Popular ,
Private Right of Action ,
Sensitive Personal Information
Hopes that privacy regulators and litigants would grant a reprieve to businesses during the COVID-19 pandemic may prove ill-founded. On July 21, 2020, the New York Department of Financial Services announced its first...more
If your company, like many other US insurance companies, has an EU or UK affiliate or parent, and you transfer personal data to the US, including employee data or even data of US persons, or if your trusted service providers...more
If you transfer personal data from the EU/UK to countries which lack a so-called “adequacy” determination, like the US or India, or if your trusted service providers do, the Schrems II European Court decision has seismic...more
8/6/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On July 30, 2020, the Financial Crimes Enforcement Network (FinCEN) released an advisory that signals its focus on cybercrime arising from vulnerabilities potentially created by the COVID-19 pandemic. The “Advisory on...more
If you transfer data from the EU to the US, or if your trusted service providers do, the Schrems II European Court decision1 has seismic significance - even if you do not rely on Privacy Shield.
On July 16, 2020, the Court...more
7/29/2020
/ Binding Corporate Rules ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
According to one blockchain and cryptocurrency security firm, this year is on pace to be the second highest in cryptocurrency theft, hacking and fraud, with January through May 2020 already seeing $1.36 billion stolen in...more
6/10/2020
/ Bank Secrecy Act ,
Bitcoin ,
Blockchain ,
Cryptocurrency ,
Enforcement Actions ,
Fraud ,
Hackers ,
Misappropriation ,
Money Laundering ,
Money Services Business ,
OCC ,
Theft
On May 5, 2020, the NAIC’s Privacy Protections (D) Working Group met via conference call. The Working Group was formed on October 1, 2019, under the Market Regulation and Consumer Affairs (D) Committee on a referral from...more
Many general counsels, as well as their privacy and cybersecurity teams, are understandably focused on their company’s coronavirus safety measures - and that is good news to the hackers.
Hackers thrive amidst confusion and...more
In the scramble to come into compliance before the January 1, 2020 deadline, companies may have overlooked a key - and potentially costly - requirement in the California Attorney General draft regulations to the California...more
On February 10, 2020, the California Attorney General published revisions to the proposed regulations (Revised Regulations) to implement the California Consumer Privacy Act of 2018 (CCPA). The changes largely clarify and...more
With companies increasingly worried about what the California Attorney General, and private litigants, will do once the California Consumer Privacy Act comes into effect, they should not lose sight of what the Federal Trade...more
In the run-up to January 1, 2020, the California legislature and Attorney General are rushing to provide clarity to the California Consumer Privacy Act of 2018 (CCPA) - and businesses are rushing to interpret and implement...more
11/18/2019
/ Amended Legislation ,
Anti-Discrimination Policies ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Deletion ,
Data Privacy ,
Data Security ,
E-Commerce ,
Fair Credit Reporting Act (FCRA) ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Proposed Amendments ,
State Data Breach Notification Statutes ,
Subject Access Request (SAR)
On October 11, 2019, the California Attorney General issued long-awaited draft Regulations to the California Consumer Privacy Act (CCPA). The draft Regulations provide helpful clarity on some core aspects of California’s...more
10/18/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Right to Delete ,
State Attorneys General
Along with other regulators, the Securities and Exchange Commission (the “SEC”) has been signaling its intention to pursue those in the cryptocurrency sphere that it believes are capitalizing on the excitement and novelty of...more
While many breathed a sigh of relief when the California legislature provided only a limited private right of action for data breaches under its sweeping new privacy law - the California Consumer Privacy Act (CCPA) -...more
9/5/2019
/ Arbitration ,
California Consumer Privacy Act (CCPA) ,
Civil Code ,
Consumer Privacy Rights ,
Data Breach ,
Enforcement Authority ,
Federal Arbitration Act ,
Personal Information ,
Private Right of Action ,
Right To Cure ,
Risk Management ,
Statutory Damages ,
Unfair Competition Law (UCL)
As difficult as it is to pass laws, especially potentially controversial laws, sunset provisions on national security legislation provide an opportunity to re-assess effectiveness, impacts on privacy, and opportunity...more
While the California Consumer Privacy Act (CCPA) and its potential amendments are still a top concern for businesses, other states are showing that they will not be left behind when it comes to enhanced privacy legislation....more
6/7/2019
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Pending Legislation ,
Personal Data ,
Privacy Laws ,
Private Right of Action ,
Proposed Amendments ,
Proposed Legislation
Companies in all industries and of all sizes are increasingly using biometric data—fingerprints, voiceprints, and facial structure, to name three—as a faster, more reliable, and more economical alternative to passwords and...more
4/12/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
Consent ,
Data Collection ,
Data Privacy ,
Extraterritoriality Rules ,
Facial Recognition Technology ,
Fingerprints ,
Gramm-Leach-Blilely Act ,
IL Supreme Court ,
Notice Requirements ,
Personal Data ,
Private Sector ,
Risk Mitigation ,
Standard of Care
As predicted, the start of 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments during 2018. This past month alone, in a blizzard of activity, regulators amended regulations and...more
2/5/2019
/ Biometric Information Privacy Act ,
CareFirst ,
Class Action ,
CNIL ,
Corporate Fines ,
Cybersecurity ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Google ,
Information Systems Security Program (ISSP) ,
Injury-in-Fact ,
National Futures Association ,
Personal Data ,
Popular ,
State Data Breach Notification Statutes ,
Yahoo!
In a unanimous decision handed down on January 25, 2019, the Illinois Supreme Court reversed a lower court opinion and held that a plaintiff need not show actual harm to seek relief under the Biometric Information and Privacy...more