Data Privacy & Cybersecurity PracticeIn recent months, a total of 101 complaints have been filed against data exporters in Europe for allegedly transferring data to the United States in violation of the European Union’s General Data Protection Regulation (GDPR) by way of the use of Google Analytics. The first decision by the Austrian Data Protection Authority (DPA) on January 13, 2022 held that an Austrian company was in violation of GDPR for impermissibly transferring personal data to the US via Google Analytics.
Read more »Tag: personal data
-
Austrian DPA Says Google Analytics Use Violates GDPR Posted on: February 08, 2022 In: Data Privacy & Cybersecurity
-
FTC Warns Health Apps, Connected Device Companies to Comply with Health Breach Notification Rule Posted on: September 22, 2021 In: Data Privacy & CybersecurityOn September 15, 2021, the Federal Trade Commission (FTC) released a policy statement to offer guidance on the scope of its Health Breach Notification Rule (the Rule) in relation to health applications and connected devices. The Rule, issued in 2009, helps ensure entities not covered under the Health Insurance Portability and Accountability Act (HIPAA) are held accountable when consumers’ sensitive health information that has been entrusted to them is compromised.
Read more »
-
Legislative Alert: Colorado Privacy Act Passes State Senate, Signed Into Law By Governor Posted on: June 10, 2021 In: Data Privacy & CybersecurityOn June 8, 2021, the Colorado Senate passed the Colorado Privacy Act (CPA). It was then signed into law by Colorado Governor Jared Polis on July 7, 2021, and will go into effect on July 1, 2023. The CPA follows in the tradition of the California Consumer Privacy Act (CCPA) and Virginia’s Consumer Data Protection Act (CDPA) by creating consumer rights and imposing requirements on businesses to guarantee greater protections over consumers’ personal data.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part VII: Penalties and Enforcement Mechanisms Posted on: June 02, 2021 In: Data Privacy & CybersecurityAs discussed throughout this series, the passage of the California Privacy Rights Act (CPRA) will change the privacy landscape in California and impact the compliance efforts of businesses serving California consumers. In addition to expansion of the rights promised to consumers under the California Consumer Privacy Act (CCPA), this seventh installment in our series discusses the new penalties and enforcement mechanisms for subject businesses created by passage of the CPRA on November 3, 2020.
Read more »
-
Canada Introduces Legislation to Revamp Federal Privacy Landscape Posted on: February 16, 2021 In: Data Privacy & CybersecurityThe Canadian House of Commons introduced draft legislation that, if enacted, would align federal Canadian privacy law with the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The draft legislation, titled the Consumer Privacy Protection Act (CPPA), proposes significant advancements to the current legal regime governing personal data.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part V: New & Expanded Consumer Rights Posted on: February 08, 2021 In: Data Privacy & CybersecurityThe newly-passed California Privacy Rights Act (CPRA) includes additional and expanded consumer rights not currently existing under the California Consumer Privacy Act (CCPA). This fifth installment in our series about the changes to the CCPA brought by the CPRA focuses on consumers’ new rights of correction and access to certain personal information and revisions to certain existing consumer rights in the CCPA, including rights to know (and access), deletion, non-discrimination, and rights for minors.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part IV: Data Minimization & Retention Posted on: January 26, 2021 In: Data Privacy & CybersecurityThe fourth installment in our ongoing series about changes to the California Consumer Privacy Act (CCPA) focuses on the new data minimization and data retention requirements for subject businesses created by the passage of the California Privacy Rights Act (CPRA) on November 3, 2020. These provisions also obligate subject entities to implement business-wide internal policy changes to accommodate the possible need to change their data collection and retention policies before the CPRA is fully operative.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part III: Notice Obligations & Right to Opt Out Posted on: January 15, 2021 In: Data Privacy & CybersecurityThis third installment in our ongoing series about changes to the California Consumer Privacy Act (CCPA) focuses on the new consumer opt-out rights and business disclosure obligations created by the California Privacy Rights Act (CPRA), which was approved by voters last November. Part I of this series looked at the CPRA’s definition and treatment of “sensitive personal information.” Part II discussed covered “businesses” and exemptions.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape: CPRA’s Definition and Treatment of “Sensitive Personal Information” Posted on: December 23, 2020 In: Data Privacy & CybersecurityOn November 3, 2020, Californians approved Proposition 24, a ballot measure creating the California Privacy Rights Act (CPRA), which amends and expands the provisions and requirements of the California Consumer Privacy Act (CCPA). In this Digital Insights series on the CPRA, we will highlight and detail some of the most substantive and important modifications the new law will impose on the CCPA, and what those changes mean to businesses subject to California’s ever-evolving privacy regime.
Read more »
-
Healthcare Providers Beware: HIPAA Applies When Complying With Subpoenas Posted on: August 18, 2020 In: COVID-19 ResponseMuch scrutiny has been given to the treatment for COVID-19 and the use of funds in fighting it. In time, the local, state, and federal governments will be investigating or prosecuting organizations accepting COVID-19 funds or treating those with the coronavirus. Covered entities, such as healthcare providers and health plans, might be served with subpoenas and discovery requests. It is important to know how to manage the release or disclosure of patient information subject to these requests.
Read more »
-
ECJ Invalidates the EU-U.S. Privacy Shield as Adequate Transfer Mechanism Posted on: July 16, 2020 In: Data Privacy & CybersecurityIn a ruling issued on July 16, 2020, the European Court of Justice (ECJ) invalidated the EU-U.S. Privacy Shield – a primary mechanism available to companies exporting personal data from the European Economic Area (EEA) to the United States.
Read more »
-
Accounting Firms: Confirming Security of Client Information After Reports of Tax Fraud Posted on: July 14, 2020 In: Data Privacy & CybersecurityThe July 15, 2020 extended tax-filing deadline is upon us. Accounting and tax preparation firms are squarely in the crosshairs of opportunistic cyber criminals looking to obtain and exploit sensitive information for the purposes of committing tax fraud. Unfortunately, thousands of Americans will see fraudulent tax returns filed in their names this year, and the accounting firm that files the client’s taxes is often the most obvious target for blame, but the source of the tax exploit may not be as obvious.
Read more »
Blog Search
Featured Posts
- February 10, 2023 Historic Hermès Jury Verdict Paves Way for Digital Trademark Rights
- January 13, 2023 Sports Law: A Year in Review & What to Watch for in 2023
- January 06, 2023 Federal Trade Commission Cracks Down on Non-Compete Agreements
- December 06, 2022 Just In Time: Last Minute Compliance Tips for the CPRA and VCDPA
Blog Tags
alabama
arkansas
audit
biometric data
blockchain
breach notification
california
canada
ccpa
cisa
client notification
colorado
congress
connecticut
consumer data
consumer notification
consumer rights
coronavirus
covid-19
cppa
cpra
cryptocurrency
cyberattack
cyber insurance
cybersecurity
cyber threat
cyberwarfare
data breach
data privacy
data protection
data security
delaware
email
employment
equifax
eu
eu-u.s. privacy shield
european union
executive order
fbi
fcra
federal trade commission
financial fraud kill chain
fincen
fraud
ftc
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
human resources
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
maryland
massachusetts
microsoft
microsoft exchange servers
microsoft office 365
multi-factor authentication
multi-factor identification
new jersey
new mexico
new york
ninth circuit
nist
nist security controls
ofac
opt out
personal data
personal information
phishing
privacy law
privacy protection patchwork
protected health information
ransomware
regulations
reporting requirements
sec
social engineering
social media
statute
strengthening american cybersecurity act
supreme court
tax returns
treasury department
utah
vcdpa
virginia
w2
washington
wire transfers
workplace policy