Tag: personal data
California Attorney General Announces Investigative Sweep Focused on Employment-Related Data
On July 14, 2023, the office of the California attorney general announced an investigative sweep of “large California employers” to request “information on the companies’ compliance with the California Consumer Privacy Act (CCPA) with respect to the personal information of employees and job applicants.” The attorney general has previously conducted […]
Transatlantic Data Economy Simplified: European Commission Adopts Adequacy Decision for EU-US Data Privacy Framework
On 10 July 2023, the European Commission adopted its adequacy decision concluding that the EU-US Data Privacy Framework provides an adequate level of protection for personal data transferred from the European Union (EU) to US companies. Approved by the US following President Joe Biden’s executive order in October 2022, the framework […]
Washington State’s My Health My Data Act FAQ, Part Two – Requirements
In Part Two of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to some of the act’s substantive requirements. As we explained in our previous FAQ, given the MHMD’s breadth – both to which entities and data it applies – regulated entities […]
Washington State’s My Health My Data Act FAQ, Part One – Applicability and Scope
In this multipart FAQ series, we break down Washington state’s My Health My Data (MHMD) Act (the “MHMD Act” or “Act”). The MHMD Act is arguably one of the most stringent privacy laws in the US, and it further complicates the already byzantine US-patchwork approach to privacy. While the MHMD […]
Takeaways from the California Attorney General’s First-Year CCPA Enforcement Update
Just over one year ago, on July 1, 2020, the California attorney general began enforcing the California Consumer Privacy Act. To mark the one-year anniversary of enforcement actions, California Attorney General Rob Bonta provided an update on his office’s CCPA enforcement efforts over the past year (and published an accompanying […]
European Data Protection Board Publishes Opinions on European Commission’s Draft UK Adequacy Decision
The European Commission published on February 19, 2021 its draft decision granting data protection adequacy status to the UK under Article 45(3) of the GDPR. Once published, the European Commission submitted the draft decision to the European Data Protection Board for its review, which has just issued two opinions: Opinion […]
Virginia Becomes Second US State to Enact Comprehensive Privacy Law
Last week, Virginia’s governor signed into law the Consumer Data Protection Act, which will take effect on January 1, 2023. This makes Virginia the second state in the US to pass a comprehensive data privacy law. California became the first with the enactment of the California Consumer Privacy Act of […]
The European Commission Publishes Draft UK Adequacy Decision
What has happened? The European Commission has published its draft decision on February 19, 2021 granting data protection adequacy status to the UK under Article 45(3) of the GDPR. The draft decision is currently under review by the European Data Protection Board, which will issue its opinion (not binding) in […]
CFIUS Rule Puts National Security Spotlight on Investments that Result in Foreign Access to Sensitive Personal Data
Personal data is now a strategic asset under federal regulations. On October 15, 2020, a Final Rule by the Committee on Foreign Investment in the United States (CFIUS or the Committee) will become effective, imposing new requirements for foreign investment in light of national security risks related to sensitive personal […]