We are delighted to report that Alan L. Friel has joined our global Data Privacy & Cybersecurity Practice as Deputy Chair. Alan arrives from BakerHostetler, where he led the US Consumer Privacy practice, co-chaired the retail, restaurant and e-commerce industry initiative, and served as the California Digital Assets and Data Management Leader.
Alan has nearly three decades of experience in the fields of data collection, monetization, protection and in particular AdTech. He also has many…
This article originally published on February 23, 2021, by the American Bar Association, and is republished here with permission. For more information visit www.americanbar.org.
The article expands on our original report on the Virginia Consumer Data Protection Act published on February 2, 2021.
In the coming days, Governor Ralph Northam is expected to sign into law the Virginia Consumer Data Protection Act (the “Act”), which, if enacted, will become effective on January 1,…
The on-going state competition to enact comprehensive privacy legislation, triggered by the enactment of the 2018 California Consumer Privacy Act, is heating up in 2021. We recently wrote a post on the recent Virginia developments, but the Commonwealth of Virginia is not alone.
New York was closely watched in privacy circles last year, as approximately 30 privacy bills had been introduced and were discussed during the 2019-2020 session. None of the bills were enacted but…
The Information Commissioner’s Office (“ICO”) has, for only the second time in its history, successfully prosecuted individuals under the Computer Misuse Act 1990 (the “Act”) in order to impose harsher criminal penalties for unauthorised access to personal data, (including prison sentences and confiscation orders), than are available under the Data Protection Act 2018 (the “DPA 2018”).…
In a draft adequacy decision, reported to have been seen by the Financial Times (FT), the European Commission (the “Commission”) is set to allow the continued free flow of data between the EU and UK, after confirming that the UK offers an adequate level of protection for personal data, pursuant to Article 45 of the General Data Protection Regulation (the “GDPR”). According to the FT, the draft decision can be expected this week.
The…
The Fifth Circuit Court of Appeals recently handed down a landmark decision criticizing and restricting how the Department of Health and Human Services Office of Civil Rights’ (OCR) interprets HIPAA and OCR’s penalty authority. OCR brought an enforcement action against the University of Texas M.D. Anderson Cancer Center (M.D. Anderson) stemming from three alleged data breaches and violations of various HIPAA requirements. OCR imposed a US$4,348,000 penalty, which M.D. Anderson appealed up to the Fifth…
Join us for a complimentary webinar – Data Security Breaches – Mitigating Risk and Why It Can Cost You Much More Than a Fine.
February 18, 2021 at 2pm GMT/9am EST
Data security breaches remain a key source of concern for most businesses. During this session, our panel of experts will provide you with valuable insights from their experience handling, reporting and communicating on data security breaches and claims. Our panelists will address:
The various…
Since the GDPR came into force in May 2018, data privacy compliance has become increasingly relevant during M&A transactions throughout the EU. A buyer may ultimately be responsible for the historical data protection law breaches of the target business and for picking-up the costs of dealing with any data security breaches that occurred pre-completion of the transaction, but are not detected until post-completion. Data protection non-compliance can affect both the vendor and the buyer involved…
Virginia may join California as the second US state to enact a comprehensive data-privacy law as soon as next week.
On January 29th the Virginia House of Delegates voted 89-9 to pass HB2307 and sent the bill to the state Senate, which is also moving forward with an identical bill (SB 1392) that is currently before the Senate Finance Committee. Because Virginia’s legislative session is extremely short, absent an extension, the Virginia Senate has less…
On January 6, 2021, a group of seventeen democrats and seven republicans introduced in the New York assembly a new bill, A.B. 27, the “Biometric Privacy Act.” The bill (available for download here) is very similar to the Illinois Biometric Information Privacy Act (“BIPA”) which has spawned much litigation, including many class actions lawsuits. In summary, the bill proposes to regulate private entities’ use of “biometric identifiers” and “biometric information,” which are terms that…