All posts by Cooley

Fintech Faces Expanded Applicability of GLBA’s Privacy and Security Requirements

In a little-noticed consent decree in the fall of 2019, the Federal Trade Commission took the position that businesses whose services facilitate financial operations on behalf of financial institutions may themselves be financial institutions subject to the privacy and data security requirements under the Gramm-Leach Bliley Act. This decision may […]

Europe’s Highest Court Invalidates the EU-US Privacy Shield, Casts Doubt on Viability of Model Clauses for Data Transfers to the US

On July 16, 2020, the Court of Justice of the European Union issued a decision that uprooted long-standing legal frameworks on which thousands of US and EU companies have relied to transfer personal data from the EU to the US.

Workplace Testing and Data Protection: Guidance for Employers

As the UK begins to ease lockdown measures, employers in all sectors are considering how their employees can return to work in the safest possible way. For many, this will include testing to check whether employees have (or have already had) COVID-19. Any employer wishing to carry out such testing […]

Rigorous Privacy and InfoSec Requirements May Be in Store for Companies That Accept Government Equity Stakes

Federal government agencies, government-controlled corporations and some government contractors must comply with robust federal laws that govern federal agencies’ privacy and information security practices – the Privacy Act and FISMA, respectively. Now, these laws may apply to companies that accept federal government aid under the Coronavirus Aid, Relief, and Economic […]

Data Protection Post-Brexit: Business as Usual (at Least Until 2021)

The United Kingdom left the European Union at 11:00 pm on January 31, 2020. However, the UK has entered into transitional arrangements with the EU under which the existing data protection frameworks established by the GDPR, including the EU-US Privacy Shield, will continue to apply until December 31, 2020 (the period until […]

Tardy for the CCPA Party? Tips for Your Last Month Before the Deadline

With a month left before the January 1, 2020 deadline to comply with the California Consumer Privacy Act, covered businesses should ideally be well on their way to compliance. But what if you procrastinated and find yourself tardy for the CCPA compliance party? Here are a few practical, last-minute tips […]

Effort to Exempt “HR Data” from CCPA Falters

Labor groups concerned about employee privacy have succeeded in slowing the effort to pass legislation exempting employer-held information from the California Consumer Privacy Act (“CCPA”).  Thanks to their intervention, the proposed legislation – AB 25 – has been revised to provide that the CCPA will apply to personal information of […]

GDPR: Looking to the Year Ahead

On 30 May 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) published a report, reflecting on its experiences over the year since the introduction of the General Data Protection Regulation (2016/679) (GDPR) and sharing its learnings.