Covered institutions will need to review their cybersecurity and incident response policies and procedures ahead of the applicable compliance deadline. ...more
8/12/2024
/ Broker-Dealer ,
Brokers ,
Compliance ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Incident Response Plans ,
Investment Companies ,
New Rules ,
Policies and Procedures ,
Registered Investment Advisors ,
Regulation S-P ,
Securities and Exchange Commission (SEC) ,
Transfer Agents
Covered institutions will need to review their cybersecurity and incident response policies and procedures ahead of the applicable compliance deadline.
The Securities and Exchange Commission (SEC) recently adopted...more
8/9/2024
/ Broker-Dealer ,
Compliance ,
Compliance Dates ,
Cyber Incident Reporting ,
Cybersecurity ,
Incident Response Plans ,
Investment Adviser ,
Investment Companies ,
Policies and Procedures ,
Popular ,
Registered Investment Advisors ,
Risk Mitigation ,
S&P ,
Securities and Exchange Commission (SEC) ,
Transfer Agents
Oregon and Delaware have become the seventh and eighth US states this year to enact general data privacy legislation — growing the US state privacy framework to 13 states. This blog post analyzes the key requirements of both...more
The new framework provides an additional route for personal data transfers from the EEA to the US.
On 10 July 2023, the European Commission (EC) took the final step to enable businesses to start relying on the new EU-US...more
8/1/2023
/ Adequacy Requirement ,
Certification Requirements ,
Compliance ,
Data Privacy ,
Department of Transportation (DOT) ,
Enforcement Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
Switzerland ,
US-EU Safe Harbor Framework
The California Attorney General’s investigative sweep is a potential harbinger of increased focus on employers’ data privacy compliance with respect to employee data.
On July 14, 2023, the California Attorney General...more
7/20/2023
/ Artificial Intelligence ,
Automation Systems ,
B2B Organizations ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Data Collection ,
Data Privacy ,
Employee Monitoring ,
Employee Privacy Rights ,
Employees ,
Enforcement Priorities ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Job Applicants ,
Notice Requirements ,
State Attorneys General
The new laws introduce novel applicability thresholds and other requirements that businesses should consider when preparing for compliance with US state privacy laws, including those coming into effect from 2023 onwards....more
Iowa’s new data privacy law, which will come into force in 2025, adds to an increasingly complex patchwork of state laws.
On March 28, 2023, Iowa became the sixth US state to pass a comprehensive privacy law. The Iowa...more
Businesses will need to take additional steps to ensure compliance as exemptions under the California Consumer Privacy Act expire at the end of 2022.
The California legislature adjourned its 2022 session without...more
Due diligence on restaurant companies should factor in industry-specific legal and operational risks.
Buyers acquire restaurant companies to access new brands, expand and diversify, or vertically integrate. Attractive...more
8/17/2022
/ Acquisitions ,
Business Licenses ,
Contract Terms ,
Cybersecurity ,
Due Diligence ,
Environmental Social & Governance (ESG) ,
Food Safety ,
Franchise Agreements ,
Franchises ,
Liquor Licences ,
Mergers ,
Restaurant Industry ,
Suppliers ,
Wage and Hour
Background -
2020 was a busy year on the global data privacy front, and marks the first full year of the California Consumer Privacy Act (CCPA). Businesses that posted their CCPA Privacy Policy in January 2020 will need...more
Not too long ago, an investment manager looking to invest in a company might conduct due diligence, attend investor relation calls, peruse quarterly or annual filings, and consider standard ratios such as price to earnings...more
3/5/2020
/ California Consumer Privacy Act (CCPA) ,
Data Privacy ,
EU ,
EU Market Abuse Regulation (EU MAR) ,
Financial Institutions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Investment Advisers Act of 1940 ,
MiFID ,
Regulation S-P ,
Risk Management ,
Risk Mitigation ,
Securities Exchange Act
While still in draft form, the modifications both clarify certain obligations and introduce new uncertainty for businesses covered by the CCPA.
Key Points:
..On February 7 and 10, 2020, the California AG announced and...more
Covered businesses have much work to do to revise disclosures, implement choice mechanisms, and design compliant data subject request programs.
Key Points:
..The Attorney General’s draft regulations, released on October...more
The Act’s final statutory form has taken shape, leaving the 2018 version of the law largely intact.
Key Points:
..The California State Senate and Assembly have completed their legislative session, passing only modest...more
UK data protection regulator demands companies in the RTB ecosystem re-evaluate privacy notices, use of personal data, and lawful basis.
The UK Information Commissioner’s Office’s (ICO’s) latest report into adtech and real...more
9/11/2019
/ Advertising ,
Auction ,
Consent ,
Cookies ,
DIFC ,
European Supervisory Authorities (ESAs) ,
Google ,
Information Commissioner's Office (ICO) ,
Information Reports ,
Online Advertisements ,
Personal Data ,
Regulatory Requirements ,
UK
The Guidance provides helpful clarifications for service providers and their customers on both sides of the Atlantic.
Long-awaited guidance on the territorial scope of the General Data Protection Regulation (GDPR) has been...more