Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Lobbying and Public Policy Viewpoints Thumbnail

Senate Passes IoT Cybersecurity Bill by Unanimous Consent

November 18, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie

Read more
Privacy & Thumbnail Viewpoints Thumbnail
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs).  The SCCs are the most commonly used legal mechanism for transferring personal data from the EEA to non-EEA countries (known as “third countries”).  In a nutshell, the new SCCs have finally caught up with the GDPR, which came into effect nearly two and a half years ago.  Once the Commission formally adopts the new SCCs, organizations will have a one-year grace period to transition from the old SCCs to the new SCCs.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
US companies and other organizations whose activities involve the use of personal information from Europe were unsettled by the EU Court of Justice’s July 2020 Schrems II decision that cast doubt on the lawfulness of transferring personal data from the EU to the US. The European Data Protection Board (EDPB) has now published its long-awaited guidance as to what it expects organizations to do to bolster protections for transfers of personal data. The new guidance imposes a very high burden on transferors and recipients of EU personal data.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Voters in California have passed Proposition 24, commonly referred to as the California Privacy Rights Act of 2020 (“CPRA”).  Less than a year after the CCPA became effective, the voters’ approval of the CPRA will provide significant new rights to California consumers, create new compliance obligations for covered businesses, establish a new enforcement agency, and provide for data minimization and retention obligations, among other aspects. 
Read more
Health Care Viewpoints Thumbnail

US Health System Warned of Coordinated Ransomware Attacks

October 30, 2020 | Blog | By Dianne Bourque

US hospitals and healthcare facilities struggling to maintain normal operations during the COVID-19 emergency, were warned this week by the federal Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) of a “targeted and imminent cybercrime threat.” Specifically, CISA, FBI and HHS have credible information that malicious cyber actors are targeting hospitals and other health care providers with Trickbot malware, leading to ransomware attacks, data theft and significantly, the disruption of healthcare services during the pandemic.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Earlier this week, the California Department of Justice unexpectedly released a third set of proposed modifications to the CCPA regulations. This move took place only two months after the California Attorney General’s Office “finalized” the long-awaited CCPA regulations. The latest changes relate to offline notices, “Do Not Sell My Personal Information” opt-out requests, authorized agent requests, and children’s information, as discussed below.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
California Governor Gavin Newsom has signed Assembly Bill 1281 (discussed here) to extend the California Consumer Privacy Act (CCPA) “exemptions” for business-to-business (B2B) and employee personal information.  The exemption was headed for a sunset on December 31, 2020 without legislative action, and this extension will continue through the end of 2022.  
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Kick the CCPA Compliance Program Back Into Gear

September 8, 2020 | Blog | By Cynthia Larose, Natalie Prescott

2020 “back to school” has a whole new meaning in the age of COVID-19.   Now, it is finally time for companies to take compliance with the California Consumer Privacy Act (“CCPA”) off the back burner and implement policies and procedures and processes.  The California Attorney General’s final regulations are in place and approved (“Final Regulations”), and ready for enforcement. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Last week, the plaintiffs in three related children’s privacy class actions sought preliminary approval of proposed settlements with sixteen defendants in those coordinated actions.  The matters—known as the Kiloo Action, the Disney Action, and the Viacom Action—are pending in the Northern District of California, case numbers 3:17-CV-04344-JD; 3:17-CV-4419-JD; 3:17-CV-4492-JD. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail
The California Legislature has passed AB-1281 over to the Governor’s desk, approving the continuation of an exemption for personal information collected in the employment context and certain information collected in the course of a business-to-business (B2B) transaction or about B2B-related personnel.  
Read more
Privacy & Thumbnail Viewpoints Thumbnail
California Attorney General Becerra announced Friday afternoon that the Office of Administrative Law (OAL) had approved the final CCPA regulations his office submitted to the OAL in June, and that the review process is complete.   This means that the CCPA Regulations go into effect immediately. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail
The New York State Department of Financial Services (“NYDFS”) has announced its first enforcement action of NYDFS’ Cybersecurity Regulation, Part 500 of Title 23 (“Cybersecurity Regulation”) against First American Title Insurance Company (“First American”), a leading title insurance provider. 
Read more
Practice Hero Privacy Cybersecurity Mintz
Organizations that transfer personal data from the European Union on the basis of the EU Commission-approved Standard Contractual Clauses (SCCs) may be breathing a sigh of relief on hearing that the SCCs have been upheld by the EU’s top court, the Court of Justice of the European Union in its decision in the Schrems II case.   However, the 5,378 US organizations that have certified to Privacy Shield will be deeply disappointed that the Court has invalidated Privacy Shield with immediate effect, just as it did Safe Harbor in 2015. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Does your organization transfer personal data from the European Union to the US?  If so, keep an eye out for a key decision on July 16 from the EU’s top court, the Court of Justice of the European Union.  The Schrems II case presents a challenge to the validity of the Standard Contractual Clauses, EU Commission-approved contracts that are widely used to satisfy the GDPR’s requirements for exporting personal data from the EU to other countries. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail
At present, the California Consumer Privacy Act (CCPA) has “temporary” (and limited) exemptions for the application of portions of the CCPA to personal data collected in the course of business-to-business transactions (Section 1798.145(o)) and that of employees and job applicants (Section 1798.145(h).   Both sections will sunset on January 1, 2021 without further action from the Legislature.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Today’s The Day: CCPA Enforcement Begins

July 1, 2020 | Blog | By Cynthia Larose

As we’ve been writing about in this space for some time, today marks the opening of the CCPA enforcement era.  Despite protestations from the business community, and requests for delay due to the lack of regulations until early June and the ongoing COVID-19 state of emergency, AG Xavier Becerra declined to extend the deadline, saying “Businesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1.”
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Just as businesses are gearing up for the start of enforcement of the California Consumer Privacy Act (“CCPA”), California cleared the way for the California Privacy Rights Act (“CPRA”). The CPRA is an initiative imposing greater privacy restrictions on businesses holding consumer data, to be voted on as part of California’s November 2020 ballot.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

NIST Provides Important Guidance For IOT Industry

June 22, 2020 | Blog | By Brian Lam

More prevalent than ever before, Internet of Things (“IOT”) devices, a term that includes connected “smart” devices, such as internet connected TVs, wearables, smart speakers, such as the Amazon Echo and Google Home, are fast becoming a staple of how we interact with each other, and obtain and consume entertainment and information.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
In a proposed class action lawsuit filed in the U.S. District Court for the Northern District of California, Google is facing a potential $5 billion dollar class action for alleged privacy law violations.  The complaint alleges that millions of Google users have been impacted and asks for damages of at least $5,000 per harmed individual.  Implicated are multiple Google offerings, including Google Analytics, Google Ad Manager, website plug-ins, and the Google Sign-In button leveraged by many websites.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

A New CCPA Data Breach Lawsuit Is “Minted”

June 17, 2020 | Blog | By Natalie Prescott, Cynthia Larose

Online stationery and craft company Minted Inc. has been hit with a CCPA class action lawsuit, stemming from a massive data breach the company disclosed in late May.  The proposed class action lawsuit, filed in a California federal court, claims that Minted Inc. failed to implement “reasonable security measures” and to properly encrypt certain personal information.
Read more

Explore Other Viewpoints: