Privacy & Cybersecurity
Viewpoints
Filter by:
Brexit Transition Period: Guidance from Information Commissioner’s Office
February 3, 2020 | Blog
Some US companies who do business in the UK are wondering whether they need to update their GDPR notices or take other steps now that the UK has officially left the European Union. The answer is: Not yet. The threat of a “Hard Brexit” with immediate changes to UK laws has passed.
Read more
REMINDER: Brexit Effects on Privacy Shield
January 31, 2020 | Blog | By Cynthia Larose
Now that the United Kingdom has officially withdrawn from the European Union as of January 31, you should look at your transfers of personal data in light of Brexit. Under the Withdrawal Agreement between the UK and the EU, EU law (including GDPR) will continue to apply to and in the UK during the transition period from January 31, 2020 to December 21, 2020.
Read more
The Next Act for the Architect of the California Consumer Privacy Act: The California Privacy Rights Act
January 30, 2020 | Blog
With the CCPA having just become effective January 1st, 2020, affected entities and consumers may not have expected that actions are already being taken to dramatically amplify the consumer protections put in place by the CCPA. Yet Alastair Mactaggart, who led the effort that resulted in the CCPA, via the advocacy group Californians for Consumer Privacy, has put forth a ballot initiative, to be known as the California Privacy Rights Act (CPRA), to do just that.
Read more
Congressional Privacy Action – Part 2: The House
January 29, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie, Cynthia Larose
The House is taking a different approach to drafting a federal privacy bill. On December 18, Democratic and Republican staff for the House Energy & Commerce Committee released a bipartisan staff draft for circulation. The “staff” in “staff draft” is key – the document does not necessarily reflect the policy positions of Members, particularly committee Chairman Frank Pallone (D-NJ) and Ranking Member Greg Walden (R-OR).
Read more
Congressional Privacy Action – Part 1: The Senate
January 28, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie, Cynthia Larose
As 2020 gets underway, Congress will continue to deliberate on federal privacy legislation in the second session of the 116th Congress. The California Consumer Privacy Protection Act (CCPA) went into effect on January 1, and the state will begin enforcing the law on July 1. State Attorney General Xavier Becerra (D) is expected to release final regulations implementing CCPA within six months (although business certainly hopes sooner….).
Read more
The Anatomy of Biometric Laws: What U.S. Companies Need To Know in 2020
January 15, 2020 | Blog
As more and more states seek to expand biometric privacy protection, plaintiffs begin to explore new claims under these legislative schemes. Companies, therefore, must proactively monitor their compliance with emerging privacy laws.
Read more
Is Your Company Still Running Windows 7? READ THIS!
January 10, 2020 | Blog | By Cynthia Larose
If you haven’t been paying attention to all the Microsoft warnings for the past year and your company is still running Windows 7, time’s up. After January 14, 2020, Microsoft will stop pushing out security updates to Windows 7 for free. You’ll still be able to run those Windows 7 systems, but they will be more susceptible to security problems and there will be no patches pushed out for these vulnerabilities.
Read more
CCPA QOTD: Isn’t every vendor a “service provider” under the CCPA?
December 23, 2019 | Blog | By Cynthia Larose
The short answer is “no”. The CCPA has a specific definition for “service provider” at Section 1798.140(v) – see our annotated version of the CCPA here – and it also requires a vendor to be bound by a written contract that prohibits it from retaining the personal information for “any purpose other than for the specific purpose of performing the services specified in the contract … or as otherwise permitted by this title” and more.
Read more
A New Decade of HIPAA: What Can We Expect?
December 23, 2019 | Blog | By Dianne Bourque, Ellen Janos
As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the first breach notification rule – the one based on the harm standard. And the Omnibus Rule’s “low probability of compromise” standard is almost seven years old! Regulators and regulated entities are heading into the new year and decade with a lot of momentum on some important issues. As we prepare to welcome 2020, we’d like to indulge in a bit of hindsight – as well as speculation – about what the new decade might hold for HIPAA-regulated entities.
Read more
CCPA QOTD: What are the employee/applicant and “business to business” exemptions?
December 19, 2019 | Blog | By Cynthia Larose
Because the term “consumer” is so broad in the CCPA (remember: it’s any California resident), it would have applied to employee and job applicant data and all business contact information across the board. After much negotiation, the legislature enacted (and the Governor signed) two amendments dealing with this information. Until January 1, 2021, the CCPA will not apply to information collected about employees or job applicants, or in typical business-to-business (B2B) transactions by a business otherwise required to comply with CCPA.
Read more
CCPA QOTD: What are the penalties for non-compliance with the CCPA?
December 18, 2019 | Blog | By Cynthia Larose
Unless you have been living off the grid for the past year, you likely know that we are now down to 13 days and counting to the effective date of the California Consumer Privacy Act (CCPA). We have received hundreds of questions and concerns from clients over the past few weeks in the preparations of compliance programs and thought we would share a question of the day (QOTD).
Read more
Revised Guidelines on the Territorial Scope of the GDPR and Local Representatives
December 2, 2019 | Blog
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago. The revised Guidelines do not significantly change the EDPB’s essential framework for determining whether or not the GDPR applies to a given data processing activity. The revised Guidelines do provide a few additional (and reasonably useful) examples as well clarifying a few points that were a bit hazy in the original formulation of the EDPB’s framework.
Read more
The California Consumer Privacy Act – A Brief Guide for Covered Employers
October 29, 2019 | Blog | By Cynthia Larose, Jennifer Rubin
The California Consumer Privacy Act becomes effective on January 1, 2020 with an amendment that impacts California employers. Covered businesses should, of course, already be in the process of preparing CCPA privacy notices and disclosures. And while the amendment carves out some of the direct CCPA provisions applicable to California employers, employee data – and how it is handled – should also be on every covered employers’ to do list.
Read more
Analysis of Attorney General Regulations to CCPA – Part 4: Special Rules Regarding Minors
October 21, 2019 | Blog
The California Attorney General’s CCPA draft regulations impose additional requirements for collection of data from children under 13 on top of those imposed by the federal Children’s Online Privacy Protection Act (COPPA), and also create additional requirements for minors between the ages of 13 and 16. Businesses will need to have reasonable processes in place to ensure that the person providing consent for the sale of a child’s data on his or her behalf is actually their parent or legal guardian. Minors must also be able to opt in, and later, opt out, of the sale of their PI. Businesses should include these practices in their privacy policies.
Read more
Analysis of Attorney General Regulations to CCPA – Part 3: Verification Procedures
October 18, 2019 | Blog
The California Attorney General’s draft regulations specify how businesses verify consumers’ identities when they receive consumers’ data requests. Specifically, Section 999.323 requires a business (i) to verify consumers’ requests by using available data and implementing reasonable security measures, (ii) not to collect new data for verification unless necessary for security purposes, and (iii) to promptly delete newly collected information.
Read more
Analysis of Attorney General Regulations to CCPA – Part 2: Business Practices for Handling Consumer Requests
October 17, 2019 | Blog
Within Article 3 (pages 10-18), the regulations detail important requirements that every business must follow when providing and fulfilling consumer rights under the CCPA.
Read more
Analysis of Attorney General Regulations to the CCPA– Part 1: Notices to Consumers
October 16, 2019 | Blog | By Christopher Buontempo
Article 2 of the California Attorney General’s draft regulations specify certain notices that must be given to consumers at the time of collection of their personal information, including consumers’ rights to opt-out of the sale of their personal information, and notices of financial incentives a business may offer in exchange for consumers’ personal information. Article 2 also provides specific CCPA requirements for company privacy policies.
Read more
Analysis of Attorney General Regulations to the California Consumer Privacy Act – A Series
October 15, 2019 | Blog | By Christopher Buontempo, Cynthia Larose
The California Attorney General’s office (CA AG) has published the long-awaited implementing regulations to the California Consumer Privacy Act (CCPA). In addition to the regulations, the CA AG also released a Notice of Proposed Rulemaking and Initial Statement of Reasons to support the draft regulations. The CA AG will hold a series of public hearings as outlined in the Notice of Proposed Regulations, and will be accepting written comments from the public on the regulations until 5:00 PM PST on December 6, 2019.
Read more
BREAKING NEWS: California AG Issues Draft CCPA Regulations
October 10, 2019 | Blog | By Cynthia Larose
The California Attorney General has issued draft regulations to the California Consumer Privacy Act. View the draft regulations in this post.
Read more
Ruling from Europe’s High Court: “Active” Consent Required for Cookies
October 2, 2019 | Blog | By Cynthia Larose
The Court of Justice of the European Union (CJEU) – the European Union’s equivalent to the US Supreme Court – has issued a very important ruling with respect to cookie compliance that may require re-evaluation of your cookie consent practices if your website is available to EU users. The bottom line: those pre-ticked boxes for “consent” to the use of cookies are not valid means to obtain consent.
Read more
Viewpoint Editors
Cynthia J. Larose
Member / Chair, Privacy & Cybersecurity Practice
John B. Koss
Managing Director, E-Data Consulting Group
Dianne J. Bourque
Member
Christopher J. Harvie
Member
Kevin M. McGinty
Member / Co-chair, Class Action Practice
Explore Other Viewpoints:
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Artificial Intelligence
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Cross-Border Asset Recovery
- Debt Financing
- Direct Investing (M&A)
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Growth Equity
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Pharmacy Benefits and PBM Contracting
- Portfolio Companies
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Technology, Communications & Media Litigation
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology