Sunday, September 27, 2020

Employee Training and Record-Keeping Requirements in the Final CCPA Regulations and a Preview of...

The California Consumer Privacy Act (CCPA) does not in itself outline specific employee training or record-keeping requirements that demonstrate business compliance with the law. However, the California attorney general’s final CCPA Regulations, intended to guide the application of the CCPA, detail that specific types of employee training and record-keeping are required for CCPA compliance. Read the full post […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

5 Takeaways from California’s “Final” CCPA Regulations

Stacey Garrett of Mitratech identifies five key points taken from the CCPA final regulations, and a quick look at what’s on the horizon. The $25 million revenue threshold for a business to be subject to the CCPA does not have to be met from within California. Privacy Policies must contain a description of consumers’ rights—even […]

New Data Protection Law in the DIFC: Who Does It Apply To and How...

The Dubai International Financial Centre has a new data protection law and regulations: the Data Protection Law DIFC Law No. 5 of 2020, and the Data Protection Regulations. This legislation became effective on July 1, repealing the previous law (Data Protection Law DIFC Law No. 1 of 2007). However, businesses have a grace period of […]

New California Privacy Rights Act on the 2020 Ballot

The California Privacy Rights Act has qualified for the November 2020 ballot, and if California voters approve this initiative, it will expand the rights of California residents under the current California Consumer Privacy Act, beginning on January 1, 2023. Two major provisions include: The creation of the California Privacy Protection Agency, which would have full […]

Spotting and Mitigating Enforcement Issues Concerning Cybersecurity-Related Controls and Disclosures

The growing frequency and public awareness of cyber incidents, evolution of technologies employed by intruders, and proliferation of personal data and infrastructure vulnerable to attack have all contributed to heightened regulatory scrutiny of corporate cybersecurity measures. Public companies are now expected to publish and update timely disclosures about cybersecurity risks affecting their business, to implement […]

HIPAA Covered Entities And Business Associates Need An IT Asset Inventory List, OCR Recommends

Last week, in its Cybersecurity Summer Newsletter, the Office for Civil Rights published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often find that organizations “lack sufficient […]

If Passed, New Bill AB 2320 Will Mandate Cyber Insurance For State Government Contractors

Earlier this year, Assemblyman Edwin Chau (D-Monterey Park) introduced Assembly Bill 2320. AB 2320, if passed, would require any business that contracts with the state and has access to records containing personal information protected under the state’s Information Practices Act (IPA) to maintain cyber insurance coverage. Information covered under the IPA includes names, social security […]

Spy Games: How Insider/Outsider Threats Have Become the Newest Cybersecurity Legal Risk

Cybersecurity does not just pose technical challenges; companies must always keep their eye on the human component of cyber risk. For example, even the most damaging and sophisticated hacks – such as the recent Twitter hacks – can result from spear-phishing. Imagine that: multi-billion-dollar new technology communication apparatuses brought to their knees by charming fraudsters […]

California Bill Extending Employment and B2B Compliance Obligations for CCPA Heads to Governor Newsom’s...

A bill that would extend California Consumer Privacy Act compliance obligations for employment information and business-to-business information has passed through both chambers of the California Legislature and has been sent to Governor Gavin Newsom’s desk for signature before the end of September. Read the full post at Carlton Fields

EDPB Publishes Guidelines on the GDPR Concepts of “Controller”, “Joint Controller” and “Processor”

On September 2, 2020, the European Data Protection Board adopted guidelines on the concepts of “controller” and “processor” under the GDPR. The Article 29 Working Party had already issued guidance on this topic in 2010. Although the GDPR did not change the definitions of “controller” and “processor”, the EDPB’s guidelines aim to bring further […]