The on-going state competition to enact comprehensive privacy legislation, triggered by the enactment of the 2018 California Consumer Privacy Act, is heating up in 2021. We recently wrote a post on the recent Virginia developments, but the Commonwealth of Virginia is not alone. New York was closely watched in privacy circles last year, as approximately 30 privacy bills had been introduced and were discussed during the 2019-2020 session. None of the bills were enacted but…

The Information Commissioner’s Office (“ICO”) has, for only the second time in its history, successfully prosecuted individuals under the Computer Misuse Act 1990 (the “Act”) in order to impose harsher criminal penalties for unauthorised access to personal data, (including prison sentences and confiscation orders), than are available under the Data Protection Act 2018 (the “DPA 2018”).…

In a draft adequacy decision, reported to have been seen by the Financial Times (FT), the European Commission (the “Commission”) is set to allow the continued free flow of data between the EU and UK, after confirming that the UK offers an adequate level of protection for personal data, pursuant to Article 45 of the General Data Protection Regulation (the “GDPR”). According to the FT, the draft decision can be expected this week. The…

The Fifth Circuit Court of Appeals recently handed down a landmark decision criticizing and restricting how the Department of Health and Human Services Office of Civil Rights’ (OCR) interprets HIPAA and OCR’s penalty authority. OCR brought an enforcement action against the University of Texas M.D. Anderson Cancer Center (M.D. Anderson) stemming from three alleged data breaches and violations of various HIPAA requirements. OCR imposed a US$4,348,000 penalty, which M.D. Anderson appealed up to the Fifth…

Join us for a complimentary webinar – Data Security Breaches – Mitigating Risk and Why It Can Cost You Much More Than a Fine. February 18, 2021 at 2pm GMT/9am EST Data security breaches remain a key source of concern for most businesses. During this session, our panel of experts will provide you with valuable insights from their experience handling, reporting and communicating on data security breaches and claims. Our panelists will address: The various…

Since the GDPR came into force in May 2018, data privacy compliance has become increasingly relevant during M&A transactions throughout the EU.  A buyer may ultimately be responsible for the historical data protection law breaches of the target business and for picking-up the costs of dealing with any data security breaches that occurred pre-completion of the transaction, but are not detected until post-completion. Data protection non-compliance can affect both the vendor and the buyer involved…

Virginia may join California as the second US state to enact a comprehensive data-privacy law as soon as next week. On January 29th the Virginia House of Delegates voted 89-9 to pass HB2307 and sent the bill to the state Senate, which is also moving forward with an identical bill (SB 1392) that is currently before the Senate Finance Committee. Because Virginia’s legislative session is extremely short, absent an extension, the Virginia Senate has less…