The Canadian House of Commons introduced draft legislation that, if enacted, would align federal Canadian privacy law with the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The draft legislation, titled the Consumer Privacy Protection Act (CPPA), proposes significant advancements to the current legal regime governing personal data.
Read more »Tag: personal data
-
Canada Introduces Legislation to Revamp Federal Privacy Landscape Posted on: February 16, 2021 In: Data Privacy & Cybersecurity
-
CCPA 2.0 and the Changing Privacy Landscape, Part V: New & Expanded Consumer Rights Posted on: February 08, 2021 In: Data Privacy & Cybersecurity
The newly-passed California Privacy Rights Act (CPRA) includes additional and expanded consumer rights not currently existing under the California Consumer Privacy Act (CCPA). This fifth installment in our series about the changes to the CCPA brought by the CPRA focuses on consumers’ new rights of correction and access to certain personal information and revisions to certain existing consumer rights in the CCPA, including rights to know (and access), deletion, non-discrimination, and rights for minors.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part IV: Data Minimization & Retention Posted on: January 26, 2021 In: Data Privacy & Cybersecurity
The fourth installment in our ongoing series about changes to the California Consumer Privacy Act (CCPA) focuses on the new data minimization and data retention requirements for subject businesses created by the passage of the California Privacy Rights Act (CPRA) on November 3, 2020. These provisions also obligate subject entities to implement business-wide internal policy changes to accommodate the possible need to change their data collection and retention policies before the CPRA is fully operative.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part III: Notice Obligations & Right to Opt Out Posted on: January 15, 2021 In: Data Privacy & Cybersecurity
This third installment in our ongoing series about changes to the California Consumer Privacy Act (CCPA) focuses on the new consumer opt-out rights and business disclosure obligations created by the California Privacy Rights Act (CPRA), which was approved by voters last November. Part I of this series looked at the CPRA’s definition and treatment of “sensitive personal information.” Part II discussed covered “businesses” and exemptions.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape: CPRA’s Definition and Treatment of “Sensitive Personal Information” Posted on: December 23, 2020 In: Data Privacy & Cybersecurity
On November 3, 2020, Californians approved Proposition 24, a ballot measure creating the California Privacy Rights Act (CPRA), which amends and expands the provisions and requirements of the California Consumer Privacy Act (CCPA). In this Digital Insights series on the CPRA, we will highlight and detail some of the most substantive and important modifications the new law will impose on the CCPA, and what those changes mean to businesses subject to California’s ever-evolving privacy regime.
Read more »
-
Healthcare Providers Beware: HIPAA Applies When Complying With Subpoenas Posted on: August 18, 2020 In: Data Privacy & Cybersecurity
Much scrutiny has been given to the treatment for COVID-19 and the use of funds in fighting it. In time, the local, state, and federal governments will be investigating or prosecuting organizations accepting COVID-19 funds or treating those with the coronavirus. Covered entities, such as healthcare providers and health plans, might be served with subpoenas and discovery requests. It is important to know how to manage the release or disclosure of patient information subject to these requests.
Read more »
-
ECJ Invalidates the EU-US Privacy Shield as Adequate Transfer Mechanism Posted on: July 16, 2020 In: Data Privacy & Cybersecurity
In a ruling issued on July 16, 2020, the European Court of Justice (ECJ) invalidated the EU-U.S. Privacy Shield – a primary mechanism available to companies exporting personal data from the European Economic Area (EEA) to the United States.
Read more »
-
Accounting Firms: Confirming Security of Client Information After Reports of Tax Fraud Posted on: July 14, 2020 In: Data Privacy & Cybersecurity
The July 15, 2020 extended tax-filing deadline is upon us. Accounting and tax preparation firms are squarely in the crosshairs of opportunistic cyber criminals looking to obtain and exploit sensitive information for the purposes of committing tax fraud. Unfortunately, thousands of Americans will see fraudulent tax returns filed in their names this year, and the accounting firm that files the client’s taxes is often the most obvious target for blame, but the source of the tax exploit may not be as obvious.
Read more »
-
California AG Submits CCPA Regulations for Final Approval, Paving the Way Toward Enforcement Posted on: June 03, 2020 In: Data Privacy & Cybersecurity
On Monday, June 1, 2020, the California Attorney General’s Office announced that it had submitted the final version of its proposed regulations under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL) for review and approval.
Read more »
-
Legislative Alert: Vermont Expands Definition of Personal Information and Enacts Protections for Student Privacy and Automatic Subscription Renewals Posted on: March 19, 2020 In: Data Privacy & Cybersecurity
On March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, which amends sections of Chapter 62 of the Vermont Statutes Annotated - “Protection of Personal Information” - including Sections 2430, 2435, and 2454. The bill also adds Section 2443 to the chapter, which governs the privacy of student information belonging to preschool, kindergarten, elementary, and secondary school students.
Read more »
-
Washington State Data Breach Notification Statute Updates Go Into Effect, Imposing New Requirements on Businesses Posted on: March 17, 2020 In: Data Privacy & Cybersecurity
Effective March 1, 2020, amendments to the Washington State data breach notification statute made the law significantly more onerous for companies dealing with data security incidents. The amendments, which we first covered in May 2019, expanded the definition of personal information, shortened the deadlines for notification, and imposed additional requirements for notice contents.
Read more »
-
Ransomware and the Paramount Importance of Evidence Preservation for Healthcare Entities Posted on: March 10, 2020 In: Data Privacy & Cybersecurity
Organizations regulated by the Healthcare Information Privacy and Accountability Act (HIPAA) must take special care to preserve valuable forensic artifacts at the outset of a ransomware or other cybersecurity event. The HIPAA Breach Notification Rule presumes a cybersecurity incident has resulted in unauthorized access to unsecured protected health information and the burden shifts to the organization to show a low probability of the compromise of the health information it maintains.
Read more »