Here are the key data protection provisions of the proposed Brexit deal that was announced Thursday: What it says: The EU will start assessing adequacy of the UK for the purpose of cross-border transfers with the aim of finalizing by end of 2020. The UK will establish a regime recognizing transfers to the EU during the same time frame. What we think this means for 2020: From now until December 2020, cross-border transfers to and…

Sen. Ed Markey , D-Mass., has introduced a bill (S. 2577) imposing considerable obligations on data brokers regarding their handling of personal information. Key provisions: Don’t collect personal information under false pretenses. Have policies and procedures to ensure the accuracy of the information. Provide an individual a means to review any personal information that you collect/maintain. Upon a verified request, disclose to the requesting individual information about the information collected, time of collection, who it…

For a lighter, but still instructive, take on the California Consumer Privacy Act and the recently released CCPA draft regulations, here are the Ten Commandments of CCPA Compliance: • Thou shalt make for yourself a person overseeing privacy compliance in thine corporation. • Thou shalt map thy data so thou knowest what it is, wherefrom it cometh and where it is shared. • Thou shalt keep thy service providers close and thy third parties closer…

Providers of services that involve the personal information of California residents: What do the proposed CCPA Regs mean for your compliance? You may want to: Reassess whether CCPA applies to you – this is now possible if you otherwise meet the requirements for “service provider” under CCPA, and: are a “service provider” to an entity which is not a business (e.g. education systems, hospitals etc.) direct a person or entity to collect personal information directly from…

“New York Gov. Andrew Cuomo recently signed legislation that will effectively prohibit ambulance and first response service providers from disclosing or selling patient data to third parties for marketing purposes. The bill was signed into law on October 7. The new law bans the sale of patient data, or individually identifying information to third parties, outside of sales to health providers, the patient’s insurer, and other parties with appropriate legal authority. Under the law, all…

“Companies doing business in California may face a heightened risk of litigation when the state’s new privacy law takes effect in January, litigation and privacy attorneys say,” reports Bloomberg’s Sara Merken. “The California Consumer Privacy Act clears the way for state residents to sue companies for data breaches involving certain information, if a company fails to maintain reasonable security. Californians can seek damages of between $100 and $750 per consumer per incident under the law.…

A new study estimates the costs of California Consumer Privacy Act (CCPA) compliance: “California’s new privacy law could cost companies a total of up to $55 billion in initial compliance costs, according to an economic impact assessment prepared for the state attorney general’s office by an independent research firm.” “On the low end, the researchers estimated that firms with fewer than 20 employees might have to pay around $50,000 at the outset to become compliant.…