Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Viewpoint Thumbnail
As more and more states seek to expand biometric privacy protection, plaintiffs begin to explore new claims under these legislative schemes. Companies, therefore, must proactively monitor their compliance with emerging privacy laws.
Read more
Viewpoint Thumbnail

Is Your Company Still Running Windows 7? READ THIS!

January 10, 2020 | Blog | By Cynthia Larose

If you haven’t been paying attention to all the Microsoft warnings for the past year and your company is still running Windows 7, time’s up.   After January 14, 2020, Microsoft will stop pushing out security updates to Windows 7 for free.  You’ll still be able to run those Windows 7 systems, but they will be more susceptible to security problems and there will be no patches pushed out for these vulnerabilities.  
Read more
Viewpoint Thumbnail
The short answer is “no”.    The CCPA has a specific definition for “service provider” at Section 1798.140(v) – see our annotated version of the CCPA here – and it also requires a vendor to be bound by a written contract that prohibits it from retaining the personal information for “any purpose other than for the specific purpose of performing the services specified in the contract … or as otherwise permitted by this title” and more.
Read more
Viewpoint Thumbnail

A New Decade of HIPAA – What Can We Expect?

December 23, 2019 | Blog | By Sarah Beth Kuyers, Dianne Bourque, Ellen Janos

As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old.  It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the first breach notification rule – the one based on the harm standard.   And the Omnibus Rule’s “low probability of compromise” standard is almost seven years old!   Regulators and regulated entities are heading into the new year and decade with a lot of momentum on some important issues.  As we prepare to welcome 2020, we’d like to indulge in a bit of hindsight – as well as speculation – about what the new decade might hold for HIPAA-regulated entities. 
Read more
Viewpoint Thumbnail
Because the term “consumer” is so broad in the CCPA (remember:  it’s any California resident), it would have applied to employee and job applicant data and all business contact information across the board.  After much negotiation, the legislature enacted (and the Governor signed) two amendments dealing with this information.  Until January 1, 2021, the CCPA will not apply to information collected about employees or job applicants, or in typical business-to-business (B2B) transactions by a business otherwise required to comply with CCPA.
Read more
Viewpoint Thumbnail

CCPA QOTD: What are the penalties for non-compliance with the CCPA?

December 18, 2019 | Blog | By Cynthia Larose

Unless you have been living off the grid for the past year, you likely know that we are now down to 13 days and counting to the effective date of the California Consumer Privacy Act (CCPA).   We have received hundreds of questions and concerns from clients over the past few weeks in the preparations of compliance programs and thought we would share a question of the day (QOTD).
Read more
Viewpoint Thumbnail
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago.  The revised Guidelines do not significantly change the EDPB’s essential framework for determining whether or not the GDPR applies to a given data processing activity.  The revised Guidelines do provide a few additional (and reasonably useful) examples as well clarifying a few points that were a bit hazy in the original formulation of the EDPB’s framework. 
Read more
Viewpoint Thumbnail

The California Consumer Privacy Act – A Brief Guide for Covered Employers

October 29, 2019 | Blog | By Cynthia Larose, Jennifer Rubin

The California Consumer Privacy Act becomes effective on January 1, 2020 with an amendment that impacts California employers. Covered businesses should, of course, already be in the process of preparing CCPA privacy notices and disclosures. And while the amendment carves out some of the direct CCPA provisions applicable to California employers, employee data – and how it is handled – should also be on every covered employers’ to do list.
Read more
Viewpoint Thumbnail
The California Attorney General’s CCPA draft regulations impose additional requirements for collection of data from children under 13 on top of those imposed by the federal Children’s Online Privacy Protection Act (COPPA), and also create additional requirements for minors between the ages of 13 and 16. Businesses will need to have reasonable processes in place to ensure that the person providing consent for the sale of a child’s data on his or her behalf is actually their parent or legal guardian. Minors must also be able to opt in, and later, opt out, of the sale of their PI. Businesses should include these practices in their privacy policies.   
Read more
Viewpoint Thumbnail
The California Attorney General’s draft regulations specify how businesses verify consumers’ identities when they receive consumers’ data requests.  Specifically, Section 999.323 requires a business (i) to verify consumers’ requests by using available data and implementing reasonable security measures, (ii) not to collect new data for verification unless necessary for security purposes, and (iii) to promptly delete newly collected information.
Read more
Viewpoint Thumbnail
Within Article 3 (pages 10-18), the regulations detail important requirements that every business must follow when providing and fulfilling consumer rights under the CCPA.
Read more
Viewpoint Thumbnail
Article 2 of the California Attorney General’s draft regulations specify certain notices that must be given to consumers at the time of collection of their personal information, including consumers’ rights to opt-out of the sale of their personal information, and notices of financial incentives a business may offer in exchange for consumers’ personal information. Article 2 also provides specific CCPA requirements for company privacy policies.
Read more
Viewpoint Thumbnail

Analysis of Attorney General Regulations to the California Consumer Privacy Act – A Series

October 15, 2019 | Blog | By Christopher Buontempo, Brian Lam, Cynthia Larose, Natalie Prescott, Elana Safner

The California Attorney General’s office (CA AG) has published the long-awaited implementing regulations to the California Consumer Privacy Act (CCPA).  In addition to the regulations, the CA AG also released a Notice of Proposed Rulemaking and Initial Statement of Reasons  to support the draft regulations. The CA AG will hold a series of public hearings as outlined in the Notice of Proposed Regulations, and will be accepting written comments from the public on the regulations until 5:00 PM PST on December 6, 2019. 
Read more
Viewpoint Thumbnail

BREAKING NEWS: California AG Issues Draft CCPA Regulations

October 10, 2019 | Blog | By Cynthia Larose

The California Attorney General has issued draft regulations to the California Consumer Privacy Act.  View the draft regulations in this post.
Read more
Viewpoint Thumbnail
The Court of Justice of the European Union (CJEU) – the European Union’s equivalent to the US Supreme Court – has issued a very important ruling with respect to cookie compliance that may require re-evaluation of your cookie consent practices if your website is available to EU users.   The bottom line:  those pre-ticked boxes for “consent” to the use of cookies are not valid means to obtain consent.  
Read more
Viewpoint Thumbnail

2019 CCPA Amendment Process Comes to a Close

September 20, 2019 | Blog | By Cynthia Larose, Brian Lam

Interested parties and privacy professionals have all been anxiously awaiting how legislative activity would shake out before the California Consumer Privacy Act (“CCPA”) is implemented January 1, 2020.  Now that the dust has settled inside the golden dome in Sacramento and the state legislature’s 2019 session has come to a close, we can see which bills passed and will be provided to Governor Gavin Newsom, who has until October 13th to either veto these bills or sign them into law. 
Read more
Viewpoint Thumbnail

Tech CEOs to Congress: Please Pass Federal Privacy Law

September 10, 2019 | Blog | By Cynthia Larose

51 tech company CEOs today signed and sent an open letter to Congress asking for help to hold off and supersede the rising number of state privacy laws growing like weeds.   The letter was sent on behalf of the Business Roundtable, a group that has sent its own “Framework for Consumer Privacy Legislation” to Congress as a “jumpstart.”
Read more
Viewpoint Thumbnail

California Legislature Working Through Data Privacy Amendments

September 6, 2019 | Blog | By Cynthia Larose

In California's Senate session on September 5, AB 1130 was passed, which amends the state’s data breach notification law. The amendment would include passports, biometric data, and taxpayer and military identification numbers to the definition of “personal information” requiring notice under the breach notification law if breached.
Read more
Viewpoint Thumbnail
Spurred by the rapid evolution of technology, the Federal Trade Commission (“FTC” or “Commission”) decided unanimously to begin a review of the Children’s Online Privacy Protection Act (“COPPA”) Rule. The review could upend compliance plans for many businesses with a digital footprint.
Read more
Viewpoint Thumbnail

And the CCPA Amendment Countdown Begins ….

August 13, 2019 | Blog | By Cynthia Larose

The California Legislature has returned from its summer recess and got right to work on the pending amendments to the California Consumer Privacy Act (CCPA).   The Legislature has 30 days from today to send any amendments to the Governor’s desk for signature. 
Read more
Sign up to receive email updates from Mintz.
Subscribe Now

Days Left Until CCPA

Explore Other Viewpoints: