Navigating the CCPA’s ‘Notice and Cure’ Provision

Aug 21 2019
and

*This article was first published by Bloomberg Law in August 2019

Companies doing business with California consumers are impacted by the California Consumer Privacy Act (effective Jan. 1, 2020). The CCPA’s private right of action provision gives California residents the right to sue companies when their personal information is subject to unauthorized access and exfiltration, theft, or disclosure due to a company’s failure “to implement and maintain reasonable security procedures and practices.”

Under this provision, consumers may seek actual damages, declaratory or injunctive relief, and statutory damages, which begin at $100 and continue up to $750 “per consumer per incident.” The potential aggregated exposure through consumer class actions could be significant, and companies are searching for ways to mitigate private lawsuits.

Read More

EmailShare
, , , , , ,

UK ICO Issues New Draft Data Sharing Code of Practice

Aug 09 2019
and

The UK’s Information Commissioner’s Office (“ICO”) has recently issued a draft version of its statutory code of practice for sharing of personal data between controllers under the GDPR and the UK Data Protection Act 2018 (“DPA”) (the “Draft Code”) which provides a number of practical recommendations which controllers should take into account when sharing personal data.

Read More

EmailShare
, , , , ,

New York Enacts Stricter Data Cybersecurity Laws

Aug 05 2019
, and

The flurry of state legislative activity in the wake of the enactment of the California Consumer Protection Act (CCPA) continues with the New York legislature recently passing two bills to increase accountability for the processing of personal information.  On July 25, 2019, Governor Cuomo signed the two bills into law, one which amended the state’s data breach notification law, and another that created additional obligations for data breaches at credit reporting agencies.  Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.  Meanwhile, the more comprehensive New York Privacy Act, which many viewed as even more expansive than the CCPA, failed to gather the necessary support in the most recent legislative session.

Read More

EmailShare
, , , , , ,

European Commission Publishes Ethics Guidelines for Trustworthy Artificial Intelligence

Jul 24 2019
and

The High-Level Expert Group on Artificial Intelligence (“AI HLEG”), an independent expert group set up by the European Commission in June 2018 as part of its AI strategy, has published its final Ethics Guidelines for Trustworthy Artificial Intelligence (“AI”) (the “Guidelines”).

These Guidelines form part of a wider focus by the Commission on AI, with President-elect of the European Commission, Ursula von der Leyen commenting most recently on July 16, in her proposed political guidelines, that: “In my first 100 days in office, I will put forward legislation for a coordinated European approach on the human and ethical implications of Artificial Intelligence…”.

Read More

EmailShare
, , , ,

FERC Enhances Reporting Requirements for Cyber Attacks on Power Grid

Jul 19 2019
, and

On June 20, 2019, the Federal Energy Regulatory Commission (“FERC”) approved a North American Electric Reliability Corp. (“NERC”) petition to adopt Reliability Standard CIP-008-6 to strengthen the reporting requirements for attempts to compromise the operation of the United States’ bulk electric system.  The prior Critical Infrastructure Protection (“CIP”) Reliability Standards only required reporting where an incident compromised or disrupted one or more reliability tasks.  The new standard applies to all registered entities subject to the CIP Reliability Standards.

Read More

EmailShare
, , , , , ,

Another UK ICO GDPR Privacy Fine of £99m ($123m) Proposed Just One Day After the Largest Ever

Jul 17 2019
and

Just a day after the ICO provided notice of its intention to fine British Airways £183m ($228m) over a separate breach (please see our blog post here), on Tuesday, July 9, 2019, the ICO released another statement of its intention to fine Marriott International, Inc. (“Marriott”) over £99m ($123m) in relation to a security incident affecting the Starwood reservation database which Marriott had acquired in 2016 and discovered in November 2018. The statement came in response to Marriott’s filing with the US Securities and Exchange Commission that the ICO intended to fine it for breaches of the GDPR.

Read More

EmailShare
, , , , ,

A Closer Look at California Privacy Law Bar on Two Contract Clauses

Jul 16 2019
and

*This article first appeared in Law360 on July 8, 2019

In September of 2018, California passed a significant new consumer privacy law, the California Consumer Privacy Act, which is the first U.S. law to regulate how businesses with a presence in California collect, share, and use consumer data. The CCPA not only imposes significant compliance obligations on companies conducting business with California residents but also incentivizes class action litigation through both the CCPA’s private right of action and California’s Unfair Competition law.

READ MORE

EmailShare
,
1 2 3 71
EmailShare

Categories

Archives

Contacts


Colleen Theresa Brown
Washington, D.C.
ctbrown@sidley.com


John M. Casanova
Singapore, London
jcasanova@sidley.com


Christopher C. Fonzone
Washington, D.C.
cfonzone@sidley.com


William RM Long
London
wlong@sidley.com


Geeta Malhotra
Chicago
cmalhotra@sidley.com


Wim Nauwelaerts
Brussels
wnauwelaerts@sidley.com


Alan Charles Raul
Washington, D.C.
araul@sidley.com


Yuet Ming Tham
Hong Kong
Singapore
yuetming.tham@sidley.com


John K. Van De Weert
Washington, D.C.
jvandeweert@sidley.com

Click here to view all of Sidley's Privacy and Cybersecurity professionals.

To receive email alerts when we post a blog entry, please provide your name and email address.

XSLT Plugin by BMI Calculator