Category: Policy & Legislation

Ohio Enacts Liability “Safe Harbor” for Entities That Maintain Specified Cybersecurity Programs

On August 3, 2018, Ohio Governor John R. Kasich announced that he signed Substitute Senate Bill 220 (“SB 220” or “Bill”) that, in part, affords a litigation “safe harbor” to covered entities that implement, maintain, and comply with specified cybersecurity programs. Covered entities, e.g., businesses, sued after a data breach […]

FAQs on the California Consumer Privacy Act of 2018 – Part 2a: The CCPA Rights

This post does not reflect amendments to the California Consumer Privacy Act (CCPA) enacted on October 11, 2019. Check back for updates or follow this blog. In our next two FAQ installments on the California Consumer Privacy Act of 2018 (“CaCPA” or “Act”), we will focus on the individual rights […]

Crypto Up Next for IRS Enforcement

In an effort to maximize its limited resources, the IRS’ Large Business and International Division has been identifying issues that present greater risks of noncompliance. The list of identified issues has been growing since January 2017. Recently, the IRS added cryptocurrency to its list of compliance campaigns. In 2014, the […]

California Passes Sweeping Consumer Privacy Act

On June 27 the California Senate and Assembly unanimously approved the California Consumer Privacy Act of 2018 (CCPA), and Governor Jerry Brown signed it into law the same day. The CCPA was rushed through the legislative process to avoid passage of a more stringent privacy law planned for California’s November […]

GDPR – Do I Need Consent to Process Personal Data?

If you are handling personal data of EU citizens, you will need some justification in order to do so. Under the new rules, the basic concept of consent has not changed, nor has its role as a lawful basis for processing personal data: consent remains a possible option. However, the […]

UK Government Introduces Lower National Security Merger Review Thresholds

Under new measures coming into force on 11 June, the UK government will have greater powers to intervene in mergers that potentially raise national security concerns due to the target’s involvement in military and dual-use technologies and certain categories of advanced computer technology. Such transactions will be reviewable by the […]

A Dark Time for Data: WHOIS Blackout Period Likely Starting in May

What do you do when you want to look up the owner of a domain name? You probably perform a “WHOIS search” to find out the owner’s name and contact information. The WHOIS system, which makes certain domain registration data publicly available, is an invaluable research tool for trademark owners […]

GDPR: Guidance on Consent Requirements

In December 2017, the Article 29 Working Party released for comment a draft of its guidance on consent under the GDPR. Consent is one of the lawful bases for processing personal data and one of the permitted means by which personal data may be transferred to a third country outside […]

GDPR: Ready or Not, Here It Comes…

What does the beginning of December mean to you? The start of the holiday season? Well, yes, but it also marks the start of the 6-month countdown to GDPR. Are you ready? According to the latest statistics, 86% of companies (of all sizes in multiple industries) are not – and […]

New Law Heightens Cybersecurity Requirements for Delaware Residents

On August 17, 2017, Governor John Carney signed into law bi-partisan legislation that increases cybersecurity protections for Delaware residents whose personal information may be compromised as a result of a data breach. House Substitute 1 for House Bill 180 (“House Bill 180”), sponsored by Representative Paul Baumbach, is the first piece of […]