COVID-19 – European and U.S. Privacy and Employment Law Issues

A discussion on the latest European and U.S. privacy and employment law issues with COVID-19 and strategies to deal with this situation in a holistic and coordinated manner. In particular, we consider the latest guidance from Data Protection Authorities, how to develop a privacy protocol that deals with the GDPR and U.S. privacy issues and UK and U.S. employment law issues and latest developments related to COVID-19.

View the webinar here.

EmailShare

WEBINAR – COVID-19 – European and U.S. Cybersecurity Issues: Preventing and Responding to Cyber Incidents

Join OneTrust DataGuidance and Sidley for a webinar discussing COVID-19 and European and U.S. cybersecurity and cyber risk insurance issues.

The COVID-19 global pandemic presents unique legal and practical challenges for companies across all industries, including with respect to cybersecurity risks and protections. There are increased cyber vulnerabilities from insider and external threat actors, including cyber attacks on individuals and companies.

In this webinar, we will highlight the dynamic and evolving cybersecurity threats companies face as a result of the pandemic, and the global legal implications of a cyber breach in this new environment – and how they can reduce these risks, and effectively respond to a cyber incident.

Read More

EmailShare

European Data Protection Board Releases Statement on Personal Data and COVID-19

On 20 March 2020, the European Data Protection Board (“EDPB”) released a statement on the protection of personal data in connection with measures that public authorities and business organizations (including employers) are taking to address the Coronavirus (COVID-19) pandemic. This statement is an extension of the statement released by the EDPB chair on 16 March 2020, (which can be accessed here). In its latest statement, the EDPB emphasises that EU data protection law (in particular, the EU General Data Protection Regulation (“GDPR”)) does not stand in the way of measures adopted to fight against COVID-19 – if these measures are necessary, proportionate and consistent with safeguards required under EU Member State laws. The EDPB statement also provides useful guidance for organisations to consider when adopting measures to lawfully process personal data during this time.

Overall, while EDPB statement may provide some reassurance to organizations with respect to COVID-19 measures, organizations will be advised to consider guidance issued by specific EU Member State data protection authorities as well. In particular, specific EU Member State data protection authorities have begun issuing COVID-19 guidance that is, at least in certain respects divergent: while certain data protection authorities are adopting a more restrictive approach (for example, the French CNIL), others are more permissible (for example, the UK’s Information Commissioner’s Office).

Read More

EmailShare

COVID-19: Key EU And U.S. Cybersecurity Issues and Risk-Remediation Steps

The COVID-19 crisis has created significant cybersecurity risks for organizations across the world, particularly arising from remote working, scams and phishing attacks, and weakened information governance controls. These risks warrant attention by legal counsel and information security officers in light of potentially significant adverse legal, financial and reputational consequences that could arise – all while the organization is dealing with effects of a global pandemic.

In addition to identifying the cybersecurity risks, we also consider key measures that organizations can consider adopting to reduce such risks, including measures recommended by the UK’s National Cybersecurity Centre (NCSC), EU’s Agency for Cybersecurity (ENISA) and the US Federal Bureau of Investigation.  The speed at which the COVID-19 crisis has evolved has meant that many organizations have not been able to deploy effective risk-reducing measures in a timely manner.

Read More

EmailShare

U.S. Office of the Comptroller of the Currency Updates Third-Party Relationships Risk Management Guidance

On March 5, 2020, the Office of the Comptroller of the Currency (OCC) issued an updated set of answers to frequently asked questions (FAQs)1 regarding risk management in national bank relationships with third parties to further supplement its 2013 guidance, OCC Bulletin 2013-29 (the Bulletin),2 and its 2017 FAQs (Prior FAQs) on the topic.3 Twelve of the 27 FAQs are new and elaborate on a wide range of topics, including the broad intended scope of third-party risk management obligations, obligations of banks where negotiating power or access to information is limited, oversight of cloud computing providers and data aggregators and use of third parties in model development or delivery of alternative data for credit underwriting.

Read More

EmailShare

Working and Executing Contracts From Home: U.S. eSignatures in the COVID-19 Era

Social distancing imperatives and the resulting surge in remote work polices have led to increased demand for the use of electronic signatures in commercial transactions. Although the method of execution is just one factor to consider when determining the validity and enforceability of a contract, electronic signatures — when appropriately deployed — can provide a convenient replacement for manual wet-ink signatures in many transactions. The U.S. Electronic Signatures in Global and National Commerce Act (E-SIGN), as well as the widespread adoption at the state level of the Uniform Electronic Transactions Act (UETA) or comparable electronic signature laws, provide that electronic signatures and electronic records cannot be denied legal effect, validity or enforceability solely because they exist in electronic form. As workforces suddenly shift to remote operations with siloed employees lacking access to typical office services, yet still facing the same business needs and time demands, companies are reevaluating their electronic signature and records policies and technologies.

Read More

EmailShare

HHS Issues Limited Waiver of Certain HIPAA Privacy Rule Obligations and Exercises Enforcement Discretion with Respect to Telehealth Services In Light of COVID Public Health Emergency

This week the U.S. Department of Health and Human Services (HHS) took action to waive penalties and refrain from enforcing certain federal health information privacy restrictions under the Health Insurance Portability and Accountability Act (HIPAA) in response to COVID-19.

Read More

EmailShare
1 2 3 81
EmailShare
XSLT Plugin by BMI Calculator