Category: Compliance, Risk & Strategy

How the CLOUD Act is Likely to Trigger Legal Challenges

New York Law Journal: “The CLOUD Act is about to stir up a legal storm. The act was originally passed in March 2018 to ensure US law enforcement officials could obtain information from US-based communications providers even if that information is stored overseas. But the act has another, more controversial provision: […]

Rigorous Privacy and InfoSec Requirements May Be in Store for Companies That Accept Government Equity Stakes

Federal government agencies, government-controlled corporations and some government contractors must comply with robust federal laws that govern federal agencies’ privacy and information security practices – the Privacy Act and FISMA, respectively. Now, these laws may apply to companies that accept federal government aid under the Coronavirus Aid, Relief, and Economic […]

Europe Issues Pragmatic Privacy Guidance for COVID-19 Data Processing

European data protection authorities have issued important guidance on the processing of personal data in connection with COVID-19. At a pan-European level, on March 19, 2020, the European Data Protection Board issued a statement on the processing of personal data in the context of the COVID-19 outbreak.

The GDPR and Coronavirus: What Organisations in the UK Need to Know

The UK’s Information Commissioner’s Office has, over the course of this week, published various notes of advice and blog posts to organisations and data subjects in respect of the coronavirus (COVID-19) pandemic.

US Guidance on Collection, Use and Disclosure of Personal Information to Combat COVID-19

Companies are working hard to balance the privacy of their employees and the need to keep employees informed and safe. Many have encouraged employees and visitors to report if they experience COVID-19 symptoms or have otherwise been exposed to the virus through travel or their communities. They have collected this […]

Ninth Circuit Restricts Immunity for Filtering Objectionable Content

Companies that make anti-virus and similar software that helps internet users guard against dangerous online content must now think twice about whether they can be sued for their decisions about what content to filter. This is the result of a significant ruling last month by the United States Court of […]

UPDATE: Brazil’s Data Protection Law Moves Forward

The final version of Brazil’s data protection law, Lei Geral de Proteção de Dados (LGPD), was approved by the Brazilian Federal Senate in May 2019 and sanctioned by President Jair Bolsonaro in July. The LGPD is now scheduled to become effective in August 2020. When the LGPD was first approved […]

UK ICO Cites Inadequate M&A Data Protection Due Diligence as a Factor in Proposing $125M Breach Fine

On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott in connection with the discovery and notification of a data breach at Starwood. Among its justifications for the record fine, the ICO cited inadequate data protection […]

At GDPR’s One Year Mark, Continued Compliance Efforts are Key and Can Help with CCPA Compliance

With the EU General Data Protection Regulation (the “GDPR”) now over a year old, companies may feel that their data privacy challenges have settled down and that their GDPR work is complete. While that may be true for some companies, the reality for most is that their GDPR compliance efforts […]

GDPR: Looking to the Year Ahead

On 30 May 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO), published a report reflecting on its experiences over the year since the introduction of the General Data Protection Regulation (2016/679) (GDPR) and sharing its learnings.