High-Tech Law Blog

A legal blog addressing technology and privacy issues

Blog Authors

Latest from High-Tech Law Blog

New York was concerned that companies with sensitive data, such as people’s banking information, social security numbers and other financial records could be unlawfully accessed by hackers (other nations, individuals, companies). The New York Department of Financial Services (“DFS”) has promulgated regulations entitled the “Cybersecurity Requirements for Financial Services Companies” which can be found at 23 NYCRR 500. The regulation applies to “Covered Entities” which means any person or individual holding a permit or…
So while the California Consumer Privacy Act of 2018 won’t take effect until 2020 (or later depending on when the regulations are issued), when it does go into effect, part of it will require companies who are subject to the act to have kept records of the data collected within the 12 months prior to the effectiveness of the act. This seems a little retroactive in application and its questionable legally of how this will…
We introduced the California Consumer Privacy Act of 2018 (CCPA) before, and there has been some updates since then.  While the CCPA was to take effect on January 1, 2020, the date of effectiveness and the date when the California Attorney General has to promulgate the regulations for same has been pushed back to July 1, 2020.  Similarly, the time of enforcement of same is to be that date if the regulations are published…
One of the more interesting and useful items to come out of the Tax Cut and Jobs Act of 2018 are the creation of so-called Opportunity Zones. An Opportunity Zone is a particular census tract which the government has designated as a distressed community, and investments in same are entitled to certain benefits vis a vis the investor’s capital gains taxes from such investment. The goal is to stimulate investments into such areas which would…
So the wave of privacy laws originating in Europe has hit the United States.  On June 28, 2018, the California Consumer Privacy Act of 2018 was signed into law (referred to in this post as the “Act” or the “Law”).  It is both similar to, and distinct from, the GDPR.  Companies should absolutely not assume that if they are GDPR compliant, that they would also compliant with the California law.  The California law has…
Any company that is subject to the GDPR, among other things, must ensure that it does and can timely comply with requests from any EU data subject with respect to the data subject’s rights under the GDPR, which are: Right of access – EU data subjects are entitled to know if their data is being processed and if so the terms of same. Right to rectification – EU data subjects have the right to correct…
The GDPR requires consent as a basis for a company to transfer personal data.  Prior to the GDPR, EU Directive 94/46/EC only required “opt out” consent, which could be implicit.   The GDPR however, requires that the data subject agree to or make “a statement or clear affirmative action” granting such consent for use or transfer of personal data.  Consent must be “freely given, specific informed and unambiguous.”  This is more than implicit, but less…
So this is the question that is coming up more and more here in the United States – Does the GDPR apply to our company? Remember that GDPR was put in place to protect individuals from improper use of their personal data and also to allow them to freely move same, and to enjoy certain other rights with respect to their personal data.  While its reach is broad, the GDPR does not apply to processing of…
At the heart of it, the European Union’s new data privacy legislation, the General Data Protection Regulation (“GDPR”), restricts what the company’s that hold or manipulate personal data of individuals can do with it, and what type of consent is required for what acts.  Like all regulations, there are a number of defined terms, which must be understood to grasp the coverage of the GDPR.  In summary it covers a lot of activities that companies…
We will be doing a number of posts on the European Union’s General Data Protection Regulation (“GDPR”) as it will be taking effect in May of 2018.  Unlike its predecessor the GDPR is not a directive, but a regulation, meaning that all EU member countries have to comply with its explicit terms (unlike a directive which they are to incorporate into their domestic law).  The GDPR applies to a lot of data, but only that…