Swiss Data Protection Authority Finds Swiss-US Privacy Shield Inadequate
Key takeaways Switzerland aligns with the Schrems II decision +5,000 organizations impacted by the Swiss announcement Contractual and technical measures, on an ad hoc basis, could be put in place to adequately protect data Absent viable measures that meet Swiss law requirements, parties should not engage in cross-border data transfers […]
California Legislature Passes One-Year Extension of CCPA’s Human Resources and B2B Exemptions
On August 30, 2020, the California Legislature passed Assembly Bill 1281, which would extend until January 1, 2022 the exemptions under the California Consumer Privacy Act for certain human resources and business-to-business information. Governor Newsom has until September 30, 2020 to sign or veto AB 1281. If the governor takes […]
New York Department of Financial Services Launches Enforcement of Cybersecurity Rules
The New York Department of Financial Services recently initiated its first action to enforce the department’s cybersecurity regulation. The regulation has been in effect since March 1, 2017 and applies to all financial institutions regulated by the NY DFS.
LGPD Update: Brazil’s Data Protection Law Moves Closer to Taking Effect
Brazil’s data protection law, Lei Geral de Proteção de Dados (LGPD) (English translation available here), took a significant step forward on August 26, 2020, when the Brazilian Senate rejected the Chamber of Deputies’ proposal to postpone the LGPD’s effective date until December 31, 2020. The Senate also adopted a proposal […]
CCPA Regulations Take Effect August 14, 2020, California AG Announces Final Revisions
On August 14, 2020, the California Attorney General announced that the state’s Office of Administrative Law approved the AG’s proposed regulations pursuant to the California Consumer Privacy Act. The final regulations, which took immediate effect on the day of the announcement, reflect the withdrawal of the following provisions (as well […]
Fintech Faces Expanded Applicability of GLBA’s Privacy and Security Requirements
In a little-noticed consent decree in the fall of 2019, the Federal Trade Commission took the position that businesses whose services facilitate financial operations on behalf of financial institutions may themselves be financial institutions subject to the privacy and data security requirements under the Gramm-Leach Bliley Act. This decision may […]
Europe’s Highest Court Invalidates the EU-US Privacy Shield, Casts Doubt on Viability of Model Clauses for Data Transfers to the US
On July 16, 2020, the Court of Justice of the European Union issued a decision that uprooted long-standing legal frameworks on which thousands of US and EU companies have relied to transfer personal data from the EU to the US.
California Attorney General Submits Final CCPA Regulations for Review
On June 1, the California Attorney General submitted its final proposed regulations implementing the CCPA to the California Office of Administrative Law (OAL) for its review and approval. The final regulations contain no material changes from the second modified draft regulations issued on March 11, 2020 (which is discussed in […]
Workplace Testing and Data Protection: Guidance for Employers
As the UK begins to ease lockdown measures, employers in all sectors are considering how their employees can return to work in the safest possible way. For many, this will include testing to check whether employees have (or have already had) COVID-19. Any employer wishing to carry out such testing […]
How the CLOUD Act is Likely to Trigger Legal Challenges
New York Law Journal “The CLOUD Act is about to stir up a legal storm. The act was originally passed in March 2018 to ensure US law enforcement officials could obtain information from US-based communications providers even if that information is stored overseas. But the act has another, more controversial provision: […]