On October 12, 2020, California’s Attorney General proposed a third set of modifications to California Consumer Privacy Act (“CCPA”) regulations. These proposed modifications come nearly two months after the final regulations were approved and made effective by the California Office
Data Privacy & Security Observer
Legal Developments and Thought Leadership in Data Privacy and Cyber Security
Latest from Data Privacy & Security Observer - Page 4
OCC Issues $400 Million Civil Penalty in Consent Order with Citibank Over Risk and Data Governance
On October 7, 2020, The Office of the Comptroller of the Currency (“OCC”) announced that it had assessed a $400 million civil penalty against Citibank, N.A. regarding alleged deficiencies in its enterprise-wide risk management and data governance programs and its…
Brazil’s Data Protection Law (“LGPD”) Retroactively Effective
On September 18, 2020, Brazil’s data protection law (Lei Geral de Proteção de Dados Pessoais, or “LGPD”) became retroactively effective August 16, 2020. Penalties do not begin until August 1, 2021, based on a previous delay passed by Brazil’s legislature.…
California Advances Bills Extending CCPA Employee / B2B Exemption and Regulating Contact Tracing
On August 19, 2020, the California State Assembly on Appropriations ordered to a second reading Assembly Bill (“AB”) 1281, which would extend the exemption of the California Consumer Privacy Act (“CCPA”) in relation to employee information and business-to-business (“B2B”) transactions…
Final CCPA Regulations Approved by California OAL, Effective Immediately
On Friday, August 14, 2020, the California Attorney General released the final CCPA regulations issued under the California Consumer Privacy Act of 2018 (“CCPA”) as approved by the California Office of Administrative Law (“OAL”), and filed them with the California…
European Union and U.S. Department of Commerce to Re-Evaluate Enhanced EU-U.S. Privacy Shield
Yesterday, on August 10, 2020, the European Commission (“Commission”) and the Department of Commerce (“DoC”) issued a joint statement announcing they are beginning discussions to evaluate potential enhancements to the EU-U.S. Privacy Shield framework. These discussions have begun to address…
Vermont Amends Data Breach Notification Law, Enacts Student Privacy Act
Vermont Amends Data Breach Notification Law
On July 1, 2020, amendments to Vermont’s Security Breach Notice Act, 9 V.S.A. §§ 2330 & 2335, took effect along with a new “Student Online Personal Information Protection Act.”
Key amendments to the security…
Berlin Data Protection Authority Halts Berlin-U.S. Data Transfers Following Schrems II Decision
We previously posted on yesterday’s Schrems II decision issued by the Court of Justice of the European Union (CJEU). Today (Jun 17, 2020), the Berlin data protection authority (Berlin DPA) went even further than the CJEU opinion, issuing a statement…
Court Of Justice of European Union (CJEU) Issues Schrems II Decision, Validating Standard Contractual Clauses, Invalidating EU-US Privacy Shield under GDPR
On July 16, 2020, the Court of Justice of the European Union (“CJEU” or “Court”) issued a significant judgment in Case C-311/18 (“Schrems II decision”) on the adequacy of protection provided by the EU-US Data Protection Shield. The court concluded…
California Attorney General Submits Final Proposed CCPA Regulations
On June 1, 2020, California Attorney General Xavier Becerra submitted a finalized package of CCPA regulations to the California Office of Administrative Law (OAL). The package included not only the final text of the regulations, but also the final statement…