RopesDataPhiles

Practical Data, Privacy & Cybersecurity Tips from Ropes & Gray

Latest from RopesDataPhiles - Page 3

Returning to the Office – Data Privacy Concerns for Companies in Latin America

July 20, 2020

Latin American privacy laws may pose special challenges for businesses considering when and how to reopen their facilities during the coronavirus pandemic. As elsewhere, many companies operating in Latin America may decide to screen employees for their COVID-19 risk-levels before allowing them to enter a shared workspace. Already in place in many European and Asian countries, screening options primarily involve contact tracing or temperature checks. As they focus on health and safety, however, companies should…

RopesDataPhiles

Privacy Shield Invalid but SCCs Survive… What next for international personal data transfers?

By Rohan Massey

July 16, 2020

The European Court of Justice this morning issued a significant – and fairly surprising – ruling on international data transfers in the Schrems II case. Standard contractual clauses remain valid, but the Privacy Shield is invalid and cannot be relied on to legitimise transfers of personal data from the EEA to the US.…

RopesDataPhiles

Universities and Hospitals Facing Increased Cyber Attacks

By Kelsey McIntosh

July 6, 2020

UPDATE July 17, 2020: Representatives of the U.S., British and Canadian governments reported yesterday that Russian hackers affiliated with known hacking group APT29 (or “Cozy Bear”) are targeting attacks on health care organizations researching COVID-19 vaccines. Cozy Bear, previously involved in the 2016 hacking of the Democratic National Committee, has reportedly been using spear-phishing and malware in an effort to steal the research. This announcement comes on the heels of a spate of attacks against…

RopesDataPhiles

New California Privacy Initiative Certified for November Ballot

By Edward McNicholas & Judith Rubin

June 26, 2020

On November 3, 2020, Californians will vote on whether to approve a ballot initiative to enact a new California Privacy Rights Act (CPRA). If, as current polling suggests, California voters pass the CPRA into law in November, it will significantly revise the California Consumer Privacy Act (CCPA) of 2018, which entered into force only in January of this year. The CPRA expands the provisions of the CCPA, removes the ability of businesses to remedy some…

RopesDataPhiles

Companies Newly Engaged in Telemarketing Should Be Aware of Substantial Body of Federal and State Telemarketing Laws

By Kevin Angle

June 12, 2020

Even with states easing COVID-19 related restrictions, suggestions that social distancing could last through the summer (or even longer) have led many companies that traditionally rely on in-person promotional visits to consider other options. One obvious alternative is telephone or text marketing, but companies that are new to the practice should be aware of the numerous federal and state laws and regulations governing telemarketing, which impose significant fines or statutory damages for violations. In one…

RopesDataPhiles

California AG Submits Final Proposed CCPA Regulations to the Office of Administrative Law in Final Step to Effectiveness of the Regulations

By Catherine Skulan & Samantha Brennan

June 4, 2020

On June 1, 2020, the Office of the California Attorney General submitted its final proposed CCPA regulations to the California Office of Administrative Law (OAL) to review for compliance with the California Administrative Procedures Act. The text of the final proposed regulations is the same as the second set of modifications, released on March 11 and summarized here. Accompanying the proposed regulations is a Statement of Reasons setting out modifications from the initial proposed…

RopesDataPhiles

COVID-19 Contact Tracing Apps Essential Requirements and Best Practices

By William Moore & E. Kyle Zipf

May 29, 2020

In addition to the adoption by the European Data Protection Board (“EDPB”) of Guidelines on the use of location data and contact tracing tools in the context of the COVID-19 outbreak, various other European guidance regarding the use of data and technology in connection with COVID-19 has also been published.…

RopesDataPhiles

European Guidelines Adopted on Health Data Processed in the Context of the Covid-19 Outbreak

By William Moore & E. Kyle Zipf

May 28, 2020

On April 21, the European Data Protection Board (“EDPB”) released guidelines on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak (“Guidelines”). The Guidelines note that the GDPR includes various provisions which permit health data to be collected and processed for scientific research purposes connected with COVID-19 and also envisages specific derogations to the prohibition on processing certain special categories of personal data, such as…

RopesDataPhiles

New D.C. Data Security Requirements and Amended Breach Requirements to Take Effect by June 12, 2020

By Kelsey McIntosh

May 27, 2020

Karl Racine, the first elected Attorney General for the District of Columbia, will likely be more of a factor when responding to data breaches in light of a new Washington, D.C. law, which passed at the end of March. Slated to take effect by June 12, 2020, the new Security Breach Protection Amendment Act of 2019 requires entities to maintain “reasonable security safeguards,” significantly expands the definition of “personal information,” imposes new requirements to notify…

RopesDataPhiles

European Guidelines Adopted on Contact Tracing Tools and the Use of Location Data in the Context of the COVID-19 Outbreak

By William Moore & E. Kyle Zipf

May 27, 2020

Recognizing the increasing prevalence of data-driven solutions in combatting COVID-19 and the numerous related privacy concerns, on April 21, the EDPB adopted guidelines on the use of location data and contact tracing tools in the context of the COVID-19 outbreak (“Guidelines”). The Guidelines clarify the conditions and principles for proportionate use of location data and contact tracing tools for two particular purposes: (i) the use of location data to support the response to the pandemic…

RopesDataPhiles

Practical Data, Privacy & Cybersecurity Tips from Ropes & Gray

Returning to the Office – Data Privacy Concerns for Companies in Latin America

Privacy Shield Invalid but SCCs Survive… What next for international personal data transfers?

Universities and Hospitals Facing Increased Cyber Attacks

New California Privacy Initiative Certified for November Ballot

Companies Newly Engaged in Telemarketing Should Be Aware of Substantial Body of Federal and State Telemarketing Laws

California AG Submits Final Proposed CCPA Regulations to the Office of Administrative Law in Final Step to Effectiveness of the Regulations

COVID-19 Contact Tracing Apps Essential Requirements and Best Practices

European Guidelines Adopted on Health Data Processed in the Context of the Covid-19 Outbreak

New D.C. Data Security Requirements and Amended Breach Requirements to Take Effect by June 12, 2020

European Guidelines Adopted on Contact Tracing Tools and the Use of Location Data in the Context of the COVID-19 Outbreak

Stay Connected

Company

Products

Support

New to the Network