Record Retention is a Key Component of Your Privacy and Cyber Compliance Program
This blogpost summarises our recent webinar: “An urgent message from Berlin: The importance of record retention in privacy and cybersecurity”.…
Latest Articles
Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield
What has happened?
Yesterday, the Advocate General (“AG”) concluded that, in his opinion, the EU Standard Contractual Clauses (“SCCs”) are a valid mechanism to transfer personal data outside of the European Economic Area (“EEA”). However, the AG suggested new obligations for those using SCCs. They need to examine the national security laws of the country of the data importer to determine whether they can in fact comply with the terms of SCCs.…
Here We Go Again: Another Ballot Initiative for CCPA in 2020
As companies get ready for the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, compliance is complicated because there are still several moving variables:
Draft regulations have been proposed but may not be final until after January 1, 2020.
The recent amendments to CCPA include two important exceptions (business-to-business (B2B) and the “employee” exceptions) that sunset on December 31, 2020. It is anticipated that amendments to CCPA will be introduced in the…
Mic Drop: California AG releases long-awaited CCPA Rulemaking
On October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA). The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA. In the press release announcing the proposed regulations, Attorney General Becerra described CCPA as “[providing] consumers with groundbreaking new rights on the use…
First Data Access Agreement under the CLOUD Act signed by UK and US
On 3 October 2019, the UK and US governments signed the first bilateral Data Access Agreement (the Agreement) under the US Clarifying Lawful Overseas Use of Data Act 2018 (CLOUD Act) and the UK Crime (Overseas Production Orders) Act 2019.…
First Data Access Agreement under the CLOUD Act signed by UK and US
On 3 October 2019, the UK and US governments signed the first bilateral Data Access Agreement (the Agreement) under the US Clarifying Lawful Overseas Use of Data Act 2018 (CLOUD Act) and the UK Crime (Overseas Production Orders) Act 2019.
The Agreement seeks to facilitate faster and more direct access by each country’s agencies in criminal matters to electronic information held by companies in the other jurisdiction (and in particular data held by technology companies on…
New York’s Breach Law Amendments and New Security Requirements
Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. S.B. 5575). Anyone with personal information about a New York resident is potentially affected by these far-reaching amendments.
Breach Law Changes
Readers may recall that New York’s security breach notification law (N.Y. Gen. Bus. Law…
CCPA: “Wait and see” is not the right approach
US CLOUD Act and International Privacy
Back At The Negotiating Table: CCPA Amendments Debate Continues
