Photo of John Tomaszewski

On July 10th, the European Commission issued its Implementing Decision regarding the adequacy of the EU-US Data Privacy Framework (“DPF”). The Decision has been eagerly awaited by US and Europe based commerce, hoping it will help business streamline cross-Atlantic data transfers, and by activists who have vowed to scrutinize the next framework arrangement (thereby maintaining their relevance). Regardless of the

Continue Reading Adequacy for the US (kind of) – But What Are the Side Effects?

Even before the COVID-19 pandemic, businesses around the world had been bracing for the financial and operational impact of the new California Consumers Privacy Act (“CCPA”), which took effect January 1, 2020. Despite existing and ongoing uncertainty around how to comply and interpret the law, the courts had already began seeing private class actions brought under the CCPA (or using the CCPA as a placeholder with Business and Professions Code Section 17200 and tort claims) filed in February—each presenting interesting and far-reaching legal questions about the new law.
Continue Reading The Impact of COVID-19 on the California Consumer Privacy Act

Seyfarth attorneys Robert Milligan, John Tomaszewski, and Darren Dummit are presenting “The California Consumer Privacy Act – What It Is and What Clients Need to Know, Particularly in Light of COVID-19,” a webinar for ITechLaw on April 7, 2020, at 9 a.m. Central.

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, and it establishes new
Continue Reading Seyfarth Attorneys to Present “The California Consumer Privacy Act – What It Is and What Clients Need to Know, Particularly in Light of COVID-19” Webinar

Several high profile ransomware attacks have recently rocked the franchise world fomenting uncertainty and anxiety about franchisors’ legal obligations and liability. Ransomware attacks essentially kidnap a company by shutting down its systems and holdings its data hostage until a ransom fee is paid. In addition to the quantifiable hard costs of paying ransom and hiring experts to mitigate damage and re/build cyber defenses, ransomware victims can be damaged by: (a) third-party liability to the customers and other original owners of compromised data; (b) interruption of business operations during the course of and recovery from an attack; and (c) injury to reputation value in the loss of consumer confidence, appearance of incompetence, and customer attrition. In today’s digital golden era, data is among the world’s most valuable assets, earning the tagline: “data is the new oil.” It therefore comes as no surprise that cybersecurity, which has been a hot topic for years, is garnering increased attention and resources from businesses of all sizes and stages. Yet with each new development in defensive cybersecurity, cybercriminals come up with just as many ways to get around those defenses.
Continue Reading Franchisors: Are You Covering Your Digital Assets?

Cross-posted from The Global Privacy Watch blog. 

Attorney General Becerra’s office posted the long-awaited draft CCPA regulations a little before 2:00 pm (PST) October 10th. It was a bit of a curve ball, to be perfectly honest (considering the final swath of amendments to the CCPA are not even final until Governor Newsom signs them, or on October 13th). Tellingly, the California Administrative Procedure Act requires the California Department of Finance to approve “major regulations” (and they have 30 days to do that) prior to publication. Based on this, it would seem that these regulations were drafted prior to the amendments to the CCPA going through the legislature. This does not seem like an effective way to draft regulations, but hey, no one should tell the AG he shouldn’t jump the gun! They are now out there so, one reviews anyway.

Topping out at a modest 24 pages (the CCPA itself is 19 pages), the regulations are organized into seven articles. We’re directing our comments to the issues that pop out to us initially, and as always, we’ll post further observations as things progress.
Continue Reading And the Wait for CCPA Rules is Over …. Kind Of

In just a few short months, on January 1, 2020, the California Consumer Privacy Act (CCPA) is set to go into effect, establishing new consumer privacy rights for California residents and imposing significant new duties and obligations on commercial businesses conducting business in the state of California. Consumer rights include the right to know what personal information a business is
Continue Reading Upcoming Webinar Series! California Consumer Privacy Act: Is your organization ready?

Cross-Posted from The Global Privacy Watch Blog

In Part 1 of our ‘Texas Joins the Privacy Fray’ series, we focused on the Texas Consumer Privacy Act. Here, we shine the light on the Texas Privacy Protection Act (HB 4390).

The TXPPA is distinguishable from both the TXCPA and the CCPA because the applicability threasholds are different. For the TXPPA to apply, a business must 1) be doing business in Texas; 2) have more than 50 employees; 3) collect personally identifiable information (“PII”) of more than 5,000 individuals, households, or devices (or has it collected on the business’s behalf); and 4) meet one of the following two criteria—the business’ annual gross revenue exceeds $25 million; or the business derives 50% or more of its annual revenue from processing PII.
Continue Reading And Texas Joins the Privacy Fray – Part 2 (or, Everything is Bigger in Texas…)

Cross-Posted from The Global Privacy Watch Blog

Last month, Texas saw the introduction of not one, but TWO privacy bills in the Texas state legislature: The Texas Consumer Privacy Act (TXCPA) and the Texas Privacy Protection Act (TXPPA). With news of this likely meeting with a collective groan and shoulder shrug, we do have some good news for you.

Both bills’ foundations are set with familiar CA Consumer Privacy Act (“CCPA”) language. Unfortunately, this is also bad news because they both suffer from the same problems found in the CCPA – we’ll explain below. It’s also still early in the game, with the bills having just been filed in the state legislature. Given that there is time in the legislative session for amendments to be made and especially considering the ‘ring-side’ view Texas lawmakers have to the CA legislative and Attorney General rule/procedure process currently unfolding, it would be unreasonable not to expect changes. Finally, the bills are reactive responses to the national (or international) focus on privacy issues of late and may allow impacted businesses a grace period, as we’ve seen in the CCPA. In this blog, we shine the light on the first of these bills: The Texas Consumer Privacy Act.
Continue Reading And Texas Joins the Privacy Fray – Part 1 (or, the Elephant in the room just got a LOT bigger…)

The American Intellectual Property Law Association (AIPLA) will host its annual Spring Meeting in Philadelphia on May 15-17, 2019.

Loews Philadelphia Hotel
200 Market Street
Philadelphia, PA 19107

Seyfarth Partner John Tomaszewski is on the panel for “The California Privacy Act of 2018: A Review of California’s New Privacy Law and Tips for Implementing Compliance Measures” session on Thursday, May
Continue Reading Seyfarth Partner John Tomaszewski to Present at the AIPLA 2019 Spring Meeting

Seyfarth has released the results of its fourth annual Real Estate Market Sentiment Survey, which polled commercial real estate executives around the country from all sectors. Of interest to our readers, this year’s survey revealed that 69% of respondents are concerned about a cyberattack hitting their business in 2019, a significant increase compared to last year (46%).

View the full survey results

Cybersecurity isn’t just for technology companies anymore. More and more, we are seeing other critical infrastructure participants becoming targets of cybersecurity attacks. Transportation, construction, and other real property-heavy industries are starting to catch the eye of sophisticated hacking teams – both criminal as well as nation-state sponsored groups.

There are two different threat models in the real estate market: the builder and the manager.
Continue Reading Cyberattacks a Growing Concern for Commercial Real Estate Executives