On June 2, 2021, Nevada Governor Steve Sisolak signed SB260, a bill that will amend the state’s existing privacy notice legislation, NRS 603A.300 to .360 (“Existing NV Privacy Law”). SB260 amends the Existing NV Privacy Law by exempting certain persons and information collected about a consumer from the law’s privacy requirements, expanding the types of entities that must facilitate consumer privacy opt-out rights, providing new and updated definitions, authorizing the opportunity to remedy a failure to comply with certain requirements, and updating other provisions to reflect the addition of data broker entities. Most notably, SB260’s addition of “data broker” to the existing statutory framework, in addition to the updated definition of “sale”, provides consumers with a broader opt-out right and likely brings more entities under the scope of the law. That said, even after the amendments, the Nevada law remains narrower than the California Consumer Protection Act (“CCPA”), as well as the forthcoming California Privacy Rights Act (“CPRA”) and Virginia Consumer Data Protection Act (“VCDPA”) that go into effect on January 1, 2023.
NHS Digital (the national custodian for health and care data in England) in May 2021, announced a new data sharing initiative called the General Practice Data for Planning and Research (GPDPR) service. The launch of the GPDPR could result in the historical medical records of up to 55 million patients in England being shared with third parties.
Although the GP data collection was set to take place as of July 1, 2021, on June 8, 2021 it was announced that the launch will be postponed to September 1, 2021.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2021-06-09 11:04:402023-09-07 14:33:04NHS’ Plans to Share Patient Records with Third Parties
It is a common story: An employee who knows he is about to leave his employer for a competitor uses his last days of computer access to download (or email himself) confidential information from his employer’s network. Once his employer discovers the misappropriation, the employee has moved on to his next job, leaving the employer scrambling to protect itself, often through a tangle of state-law tort and trade-secret claims.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Teresa L. Reuterhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngTeresa L. Reuter2021-06-08 12:28:362023-09-07 14:34:05Supreme Court Limits Scope of Computer Fraud and Abuse Act
The European Commission (EC) on June 4, 2021 adopted a new set of Standard Contractual Clauses for international data transfers (New SCCs). The New SCCs take into account the Court of Justice of the European Union’s (CJEU) decision in Schrems II, requirements under the EU General Data Protection Regulation (GDPR), and according to the EC “address the realities faced by modern business”. In particular, as it relates to companies ongoing Schrems II assessments the New SCCs provide details around the steps an importer should take when subject to a request for disclosure from a public authority, and helpfully confirm that in carrying out the assessment of a third country legal framework the factors which can be taken into consideration.
The U.S. Department of Homeland Security’s Transportation Security Administration (“TSA”) issued a Security Directive, “Enhancing Pipeline Cybersecurity” on May 28, laying out new cybersecurity requirements for operators of liquids and natural gas pipelines and LNG facilities designated as critical infrastructure.
Last year, to address the increasing overlaps between data protection and antitrust enforcement, the UK launched the Digital Regulatory Cooperation Forum (DRCF). The DRCF brings together the four UK regulators most involved in digital matters (i.e., the Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO), the Office of Communications (Ofcom) and the Financial Conduct Authority (FCA)). Its main objective is to enable coherent and informed regulation of the UK digital economy.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Ken Dalyhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngKen Daly2021-06-01 09:53:022023-09-07 14:35:24UK Moves to Reconcile Antitrust and Data Protection Enforcement in Digital Sectors
On May 18, 2021, the UK Financial Conduct Authority (FCA) published a “Dear CEO” letter(the Letter) asking e-money institutions to ensure that their customers understand how their money is protected. The FCA has expressed concern that e-money institutions do not adequately disclose the differences in protections between e-money and bank accounts and that customers are not aware of the differences in protections between e-money services and traditional banking services, in particular that the UK Financial Services Compensation Scheme (FSCS) protection does not apply to e-money accounts.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Abi Twisthttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngAbi Twist2021-05-27 13:55:302023-09-07 14:35:41FCA Letter to E-Money Institutions: Why All UK Payment Service Providers Should Review Their Marketing Practices Now
The next few weeks will likely be very busy for companies on the GDPR international data transfer front as there have been a number of key European developments over the last few days including: (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2021-05-26 11:06:002023-12-11 17:22:48SCCs, Adequacy, and Guidance: Latest Updates on International Data Transfers
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Nevada Updates its Existing Online Privacy Notice Statutes
On June 2, 2021, Nevada Governor Steve Sisolak signed SB260, a bill that will amend the state’s existing privacy notice legislation, NRS 603A.300 to .360 (“Existing NV Privacy Law”). SB260 amends the Existing NV Privacy Law by exempting certain persons and information collected about a consumer from the law’s privacy requirements, expanding the types of entities that must facilitate consumer privacy opt-out rights, providing new and updated definitions, authorizing the opportunity to remedy a failure to comply with certain requirements, and updating other provisions to reflect the addition of data broker entities. Most notably, SB260’s addition of “data broker” to the existing statutory framework, in addition to the updated definition of “sale”, provides consumers with a broader opt-out right and likely brings more entities under the scope of the law. That said, even after the amendments, the Nevada law remains narrower than the California Consumer Protection Act (“CCPA”), as well as the forthcoming California Privacy Rights Act (“CPRA”) and Virginia Consumer Data Protection Act (“VCDPA”) that go into effect on January 1, 2023.
(more…)
Casey Grant
Philip Robbins
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Lauren Kitces
Washington, D.C.
lkitces@sidley.com
NHS’ Plans to Share Patient Records with Third Parties
NHS Digital (the national custodian for health and care data in England) in May 2021, announced a new data sharing initiative called the General Practice Data for Planning and Research (GPDPR) service. The launch of the GPDPR could result in the historical medical records of up to 55 million patients in England being shared with third parties.
Although the GP data collection was set to take place as of July 1, 2021, on June 8, 2021 it was announced that the launch will be postponed to September 1, 2021.
(more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Zina Chatzidimitriadou
London
zchatzidimitriadou@sidley.com
Supreme Court Limits Scope of Computer Fraud and Abuse Act
It is a common story: An employee who knows he is about to leave his employer for a competitor uses his last days of computer access to download (or email himself) confidential information from his employer’s network. Once his employer discovers the misappropriation, the employee has moved on to his next job, leaving the employer scrambling to protect itself, often through a tangle of state-law tort and trade-secret claims.
(more…)
Teresa L. Reuter
Chicago
treuter@sidley.com
Jason G. Marsico
European Commission Adopts New Standard Contractual Clauses
The European Commission (EC) on June 4, 2021 adopted a new set of Standard Contractual Clauses for international data transfers (New SCCs). The New SCCs take into account the Court of Justice of the European Union’s (CJEU) decision in Schrems II, requirements under the EU General Data Protection Regulation (GDPR), and according to the EC “address the realities faced by modern business”. In particular, as it relates to companies ongoing Schrems II assessments the New SCCs provide details around the steps an importer should take when subject to a request for disclosure from a public authority, and helpfully confirm that in carrying out the assessment of a third country legal framework the factors which can be taken into consideration.
(more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
TSA Issues Directive to Enhance Pipeline Cybersecurity
The U.S. Department of Homeland Security’s Transportation Security Administration (“TSA”) issued a Security Directive, “Enhancing Pipeline Cybersecurity” on May 28, laying out new cybersecurity requirements for operators of liquids and natural gas pipelines and LNG facilities designated as critical infrastructure.
(more…)
Mark Prior
Lorrie M. Marcil
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Sujit Raman
UK Moves to Reconcile Antitrust and Data Protection Enforcement in Digital Sectors
Last year, to address the increasing overlaps between data protection and antitrust enforcement, the UK launched the Digital Regulatory Cooperation Forum (DRCF). The DRCF brings together the four UK regulators most involved in digital matters (i.e., the Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO), the Office of Communications (Ofcom) and the Financial Conduct Authority (FCA)). Its main objective is to enable coherent and informed regulation of the UK digital economy.
(more…)
Ken Daly
Brussels
kdaly@sidley.com
Monika Zdzieborska
London
mzdzieborska@sidley.com
Stefan Ciubotaru
Francesca Blythe
London
fblythe@sidley.com
FCA Letter to E-Money Institutions: Why All UK Payment Service Providers Should Review Their Marketing Practices Now
On May 18, 2021, the UK Financial Conduct Authority (FCA) published a “Dear CEO” letter (the Letter) asking e-money institutions to ensure that their customers understand how their money is protected. The FCA has expressed concern that e-money institutions do not adequately disclose the differences in protections between e-money and bank accounts and that customers are not aware of the differences in protections between e-money services and traditional banking services, in particular that the UK Financial Services Compensation Scheme (FSCS) protection does not apply to e-money accounts.
(more…)
Abi Twist
Sara George
London
sara.george@sidley.com
Max Charles Savoie
London
msavoie@sidley.com
John M. Casanova
London
jcasanova@sidley.com
SCCs, Adequacy, and Guidance: Latest Updates on International Data Transfers
The next few weeks will likely be very busy for companies on the GDPR international data transfer front as there have been a number of key European developments over the last few days including: (more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Upcoming Events
Sidley Partner Hardy Callcott to Participate in Berkeley Boosts Webinar on Predictive Data Analytics and the Law
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Robert D. Keeling
rkeeling@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Glenn G. Nash
gnash@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com