Privacy & Cybersecurity
Viewpoints
Filter by:
Congressional Privacy Action – Part 1: The Senate
January 28, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie, Cynthia Larose
As 2020 gets underway, Congress will continue to deliberate on federal privacy legislation in the second session of the 116th Congress. The California Consumer Privacy Protection Act (CCPA) went into effect on January 1, and the state will begin enforcing the law on July 1. State Attorney General Xavier Becerra (D) is expected to release final regulations implementing CCPA within six months (although business certainly hopes sooner….).
Read more
The Anatomy of Biometric Laws: What U.S. Companies Need To Know in 2020
January 15, 2020 | Blog
As more and more states seek to expand biometric privacy protection, plaintiffs begin to explore new claims under these legislative schemes. Companies, therefore, must proactively monitor their compliance with emerging privacy laws.
Read more
Is Your Company Still Running Windows 7? READ THIS!
January 10, 2020 | Blog | By Cynthia Larose
If you haven’t been paying attention to all the Microsoft warnings for the past year and your company is still running Windows 7, time’s up. After January 14, 2020, Microsoft will stop pushing out security updates to Windows 7 for free. You’ll still be able to run those Windows 7 systems, but they will be more susceptible to security problems and there will be no patches pushed out for these vulnerabilities.
Read more
A New Decade of HIPAA: What Can We Expect?
December 23, 2019 | Blog | By Sarah Beth Kuyers, Dianne Bourque, Ellen Janos
As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the first breach notification rule – the one based on the harm standard. And the Omnibus Rule’s “low probability of compromise” standard is almost seven years old! Regulators and regulated entities are heading into the new year and decade with a lot of momentum on some important issues. As we prepare to welcome 2020, we’d like to indulge in a bit of hindsight – as well as speculation – about what the new decade might hold for HIPAA-regulated entities.
Read more
CCPA QOTD: Isn’t every vendor a “service provider” under the CCPA?
December 23, 2019 | Blog | By Cynthia Larose
The short answer is “no”. The CCPA has a specific definition for “service provider” at Section 1798.140(v) – see our annotated version of the CCPA here – and it also requires a vendor to be bound by a written contract that prohibits it from retaining the personal information for “any purpose other than for the specific purpose of performing the services specified in the contract … or as otherwise permitted by this title” and more.
Read more
CCPA QOTD: What are the employee/applicant and “business to business” exemptions?
December 19, 2019 | Blog | By Cynthia Larose
Because the term “consumer” is so broad in the CCPA (remember: it’s any California resident), it would have applied to employee and job applicant data and all business contact information across the board. After much negotiation, the legislature enacted (and the Governor signed) two amendments dealing with this information. Until January 1, 2021, the CCPA will not apply to information collected about employees or job applicants, or in typical business-to-business (B2B) transactions by a business otherwise required to comply with CCPA.
Read more
CCPA QOTD: What are the penalties for non-compliance with the CCPA?
December 18, 2019 | Blog | By Cynthia Larose
Unless you have been living off the grid for the past year, you likely know that we are now down to 13 days and counting to the effective date of the California Consumer Privacy Act (CCPA). We have received hundreds of questions and concerns from clients over the past few weeks in the preparations of compliance programs and thought we would share a question of the day (QOTD).
Read more
Revised Guidelines on the Territorial Scope of the GDPR and Local Representatives
December 2, 2019 | Blog | By Susan Foster
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago. The revised Guidelines do not significantly change the EDPB’s essential framework for determining whether or not the GDPR applies to a given data processing activity. The revised Guidelines do provide a few additional (and reasonably useful) examples as well clarifying a few points that were a bit hazy in the original formulation of the EDPB’s framework.
Read more
The California Consumer Privacy Act – A Brief Guide for Covered Employers
October 29, 2019 | Blog | By Cynthia Larose, Jennifer Rubin
The California Consumer Privacy Act becomes effective on January 1, 2020 with an amendment that impacts California employers. Covered businesses should, of course, already be in the process of preparing CCPA privacy notices and disclosures. And while the amendment carves out some of the direct CCPA provisions applicable to California employers, employee data – and how it is handled – should also be on every covered employers’ to do list.
Read more
Analysis of Attorney General Regulations to CCPA – Part 4: Special Rules Regarding Minors
October 21, 2019 | Blog
The California Attorney General’s CCPA draft regulations impose additional requirements for collection of data from children under 13 on top of those imposed by the federal Children’s Online Privacy Protection Act (COPPA), and also create additional requirements for minors between the ages of 13 and 16. Businesses will need to have reasonable processes in place to ensure that the person providing consent for the sale of a child’s data on his or her behalf is actually their parent or legal guardian. Minors must also be able to opt in, and later, opt out, of the sale of their PI. Businesses should include these practices in their privacy policies.
Read more
Analysis of Attorney General Regulations to CCPA – Part 3: Verification Procedures
October 18, 2019 | Blog
The California Attorney General’s draft regulations specify how businesses verify consumers’ identities when they receive consumers’ data requests. Specifically, Section 999.323 requires a business (i) to verify consumers’ requests by using available data and implementing reasonable security measures, (ii) not to collect new data for verification unless necessary for security purposes, and (iii) to promptly delete newly collected information.
Read more
Analysis of Attorney General Regulations to CCPA – Part 2: Business Practices for Handling Consumer Requests
October 17, 2019 | Blog
Within Article 3 (pages 10-18), the regulations detail important requirements that every business must follow when providing and fulfilling consumer rights under the CCPA.
Read more
Analysis of Attorney General Regulations to the CCPA– Part 1: Notices to Consumers
October 16, 2019 | Blog | By Christopher Buontempo
Article 2 of the California Attorney General’s draft regulations specify certain notices that must be given to consumers at the time of collection of their personal information, including consumers’ rights to opt-out of the sale of their personal information, and notices of financial incentives a business may offer in exchange for consumers’ personal information. Article 2 also provides specific CCPA requirements for company privacy policies.
Read more
Analysis of Attorney General Regulations to the California Consumer Privacy Act – A Series
October 15, 2019 | Blog | By Christopher Buontempo, Cynthia Larose
The California Attorney General’s office (CA AG) has published the long-awaited implementing regulations to the California Consumer Privacy Act (CCPA). In addition to the regulations, the CA AG also released a Notice of Proposed Rulemaking and Initial Statement of Reasons to support the draft regulations. The CA AG will hold a series of public hearings as outlined in the Notice of Proposed Regulations, and will be accepting written comments from the public on the regulations until 5:00 PM PST on December 6, 2019.
Read more
BREAKING NEWS: California AG Issues Draft CCPA Regulations
October 10, 2019 | Blog | By Cynthia Larose
The California Attorney General has issued draft regulations to the California Consumer Privacy Act. View the draft regulations in this post.
Read more
Ruling from Europe’s High Court: “Active” Consent Required for Cookies
October 2, 2019 | Blog | By Cynthia Larose
The Court of Justice of the European Union (CJEU) – the European Union’s equivalent to the US Supreme Court – has issued a very important ruling with respect to cookie compliance that may require re-evaluation of your cookie consent practices if your website is available to EU users. The bottom line: those pre-ticked boxes for “consent” to the use of cookies are not valid means to obtain consent.
Read more
2019 CCPA Amendment Process Comes to a Close
September 20, 2019 | Blog | By Cynthia Larose
Interested parties and privacy professionals have all been anxiously awaiting how legislative activity would shake out before the California Consumer Privacy Act (“CCPA”) is implemented January 1, 2020. Now that the dust has settled inside the golden dome in Sacramento and the state legislature’s 2019 session has come to a close, we can see which bills passed and will be provided to Governor Gavin Newsom, who has until October 13th to either veto these bills or sign them into law.
Read more
Tech CEOs to Congress: Please Pass Federal Privacy Law
September 10, 2019 | Blog | By Cynthia Larose
51 tech company CEOs today signed and sent an open letter to Congress asking for help to hold off and supersede the rising number of state privacy laws growing like weeds. The letter was sent on behalf of the Business Roundtable, a group that has sent its own “Framework for Consumer Privacy Legislation” to Congress as a “jumpstart.”
Read more
California Legislature Working Through Data Privacy Amendments
September 6, 2019 | Blog | By Cynthia Larose
In California's Senate session on September 5, AB 1130 was passed, which amends the state’s data breach notification law. The amendment would include passports, biometric data, and taxpayer and military identification numbers to the definition of “personal information” requiring notice under the breach notification law if breached.
Read more
Facsimiles and Other Fossils: FTC Initiates Review to Update COPPA Rule to Keep Pace with Emerging and Connected Technology
August 26, 2019 | Blog | By Cynthia Larose
Spurred by the rapid evolution of technology, the Federal Trade Commission (“FTC” or “Commission”) decided unanimously to begin a review of the Children’s Online Privacy Protection Act (“COPPA”) Rule. The review could upend compliance plans for many businesses with a digital footprint.
Read more
Viewpoint Editors
Cynthia J. Larose
Member / Chair, Privacy & Cybersecurity Practice
John B. Koss
Managing Director, E-Data Consulting Group
Susan L. Foster, Ph.D.
Member
Dianne J. Bourque
Member
Christopher J. Harvie
Member
Kevin M. McGinty
Member / Co-chair, Class Action Practice
Explore Other Viewpoints:
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Cross-Border Asset Recovery
- Debt Financing
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment, Labor & Benefits
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations