Expert Opinion

The California Consumer Privacy Act (CCPA) does not in itself outline specific employee training or record-keeping requirements that demonstrate business compliance with the law. However, the California attorney general’s final CCPA Regulations, intended to guide the application of the CCPA, detail that specific types of employee training and record-keeping are required for CCPA compliance. Read the full post […]

Stacey Garrett of Mitratech identifies five key points taken from the CCPA final regulations, and a quick look at what’s on the horizon. The $25 million revenue threshold for a business to be subject to the CCPA does not have to be met from within California. Privacy Policies must contain a description of consumers’ rights—even […]

The Dubai International Financial Centre has a new data protection law and regulations: the Data Protection Law DIFC Law No. 5 of 2020, and the Data Protection Regulations. This legislation became effective on July 1, repealing the previous law (Data Protection Law DIFC Law No. 1 of 2007). However, businesses have a grace period of […]

The California Privacy Rights Act has qualified for the November 2020 ballot, and if California voters approve this initiative, it will expand the rights of California residents under the current California Consumer Privacy Act, beginning on January 1, 2023. Two major provisions include: The creation of the California Privacy Protection Agency, which would have full […]

The growing frequency and public awareness of cyber incidents, evolution of technologies employed by intruders, and proliferation of personal data and infrastructure vulnerable to attack have all contributed to heightened regulatory scrutiny of corporate cybersecurity measures. Public companies are now expected to publish and update timely disclosures about cybersecurity risks affecting their business, to implement […]

Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Right published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often find that organizations “lack sufficient […]

Earlier this year, Assemblyman Edwin Chau (D-Monterey Park) introduced Assembly Bill 2320. AB 2320, if passed, would require any business that contracts with the state and has access to records containing personal information protected under the state’s Information Practices Act (IPA) to maintain cyber insurance coverage. Information covered under the IPA includes names, social security […]

Cybersecurity does not just pose technical challenges; companies must always keep their eye on the human component of cyber risk. For example, even the most damaging and sophisticated hacks – such as the recent Twitter hacks – can result from spear-phishing. Imagine that: multi-billion-dollar new technology communication apparatuses brought to their knees by charming fraudsters […]

A bill that would extend California Consumer Privacy Act compliance obligations for employment information and business-to-business information has passed through both chambers of the California Legislature and has been sent to Governor Gavin Newsom’s desk for signature before the end of September. Read the full post at Carlton Fields

On September 2, 2020, the European Data Protection Board adopted guidelines on the concepts of “controller” and processor” under the GDPR. The Article 29 Working Party had already issued a guidance on this topic in 2010. Although the GDPR did not change the definitions of “controller” and “processor”, the EDPB’s guidelines aim to bring further […]