On July 10th, the European Commission issued its Implementing Decision regarding the adequacy of the EU-US Data Privacy Framework (“DPF”). The Decision has been eagerly awaited by US and Europe based commerce, hoping it will help business streamline cross-Atlantic data transfers, and by activists who have vowed to scrutinize the next framework arrangement (thereby maintaining their relevance). Regardless of theContinue Reading Adequacy for the US (kind of) – But What Are the Side Effects?
This post was originally published on Seyfarth’s Gadgets, Gigabytes & Goodwill blog.
Ransomware attacks have become one of the most common and pervasive cybercrimes perpetrated against US companies. A bad actor, often from overseas, will gain access to upload malware onto a company’s network storage or application platforms that encrypts all files it can access. A message or text file is usually left with instructions on how to contact the attacker to pay a ransom for the decryption key. In the worst case, a ransomware attack can freeze the business operations by effectively removing access to the company’s critical systems and rendering them useless. Aside from the business impact, what legal implications are created by a ransomware attack?…
In this unprecedented time, businesses are, more than ever, implementing and rapidly rolling out programs for remote or at-home work by employees. The quick changes in local and state governmental “shelter in place” instructions and Public Heath directives have placed significant strains on remote networks and caused local shortages of laptop computers at office supply and electronic stores across the country.
Continue Reading Cybersecurity, Data Privacy, and Compliance Issues Related to Remote Workers
Cross-posted from The Global Privacy Watch blog.
Attorney General Becerra’s office posted the long-awaited draft CCPA regulations a little before 2:00 pm (PST) October 10th. It was a bit of a curve ball, to be perfectly honest (considering the final swath of amendments to the CCPA are not even final until Governor Newsom signs them, or on October 13th). Tellingly, the California Administrative Procedure Act requires the California Department of Finance to approve “major regulations” (and they have 30 days to do that) prior to publication. Based on this, it would seem that these regulations were drafted prior to the amendments to the CCPA going through the legislature. This does not seem like an effective way to draft regulations, but hey, no one should tell the AG he shouldn’t jump the gun! They are now out there so, one reviews anyway.
Topping out at a modest 24 pages (the CCPA itself is 19 pages), the regulations are organized into seven articles. We’re directing our comments to the issues that pop out to us initially, and as always, we’ll post further observations as things progress.
Continue Reading And the Wait for CCPA Rules is Over …. Kind Of
Cross-posted from the Carpe Datum Law blog.
In our May blog post, we took issue with the broadcast statement that ‘consumer privacy law was sweeping the country and that other states were jumping on the California Consumer Privacy Law (CCPA) bandwagon to enact their own state law.’ The problem as we saw it, was that the truth behind these sensationalistic statements was a bit more nuanced than people were led to believe. Most states, we found, that introduced consumer privacy legislation simply did not follow through, either by outright killing the legislation (MS) or by taking a step back with a wait and see approach (see TX). Nevada, by contrast, did neither. Instead, its legislature enacted its own consumer privacy solution, through SB 220, or as we call it, ‘the limited privacy amendment.’ We’ve opted to discuss Nevada’s approach here primarily because of its more restrictive application online and because its October 1, 2019, operational date is a full three months before the CCPA becomes operational.
First, the limited privacy amendment is not the CCPA. Let’s make that perfectly clear. True, it was modeled on the opt-out section of the CCPA, but it isn’t a mirror copy as it amends existing law. There are three primary areas operators conducting business over the Internet need to be aware of, when evaluating compliance measures: …
Continue Reading Nevada: Bucking the Wait and See Approach to Consumer Privacy Law
In just a few short months, on January 1, 2020, the California Consumer Privacy Act (CCPA) is set to go into effect, establishing new consumer privacy rights for California residents and imposing significant new duties and obligations on commercial businesses conducting business in the state of California. Consumer rights include the right to know what personal information a business is…
Continue Reading Upcoming Webinar Series! California Consumer Privacy Act: Is your organization ready?
California, home to more than 40 million people and the 5th largest economy in the world, has passed the California Consumer Privacy Act (CCPA), its omnibus consumer privacy law. The law creates sweeping new requirements concerning the collection, maintenance, and tracking of information for both employees or customers who are residents of California. Many aspects of the implementation and enforcement are still being finalized by the California Attorney General. However, companies with employees or customers in California need to take stock of the information they are processing that could qualify as “personal information” for California residents, and they need to begin establishing mechanisms for compliance before the end of 2019.
Continue Reading The California Consumer Privacy Act of 2018: What Businesses Need to Know Now