Calif. Privacy Law Will Likely Prompt Flood Of Class Actions

*This article first appeared in Law360 on May 15, 2019.

The California Consumer Privacy Act, known as the CCPA, is a new law set to go into effect on Jan. 1, 2020. The CCPA is the first U.S. law that will require businesses with an online presence in California to focus on user data and it regulates how businesses collect, share and use such data. One of the most significant risks to online business providers in California is that the CCPA provides for a private right of action for California consumers.

Read More

EmailShare

DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector

William Long, partner and global co-leader of at Sidley’s Privacy and Cybersecurity practice, and has been working on global data privacy and information security matters for a number of years. In particular, William advises international clients on a wide variety of General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), data protection, cybersecurity and financial services issues.

DataGuidance by OneTrust spoke with William about data protection issues in the financial services sector, and in particular about approaching compliance with the GDPR, sector-specific challenges, issues around Big Data, and cybersecurity.

Read the Full Interview

EmailShare

Terms and Conditions: Recent Supreme Court Decisions Highlight There is More to Consider than Just the Privacy Policy

Your website is essential to your online business.  By developing and presenting an online presence, however, you take on legal obligations to your users.  It is, therefore, a timely exercise to stop and take stock of your terms and conditions in light of recent developments in the law, consumer expectations, and your legal risk profile.  The privacy policy has been getting a lot of attention lately as many websites, services and apps are rushing to get their new privacy policies in place in light of the California Online Privacy Protection Act (“CalOPPA”).  But updating the privacy policy is only one step in protecting your business in this digital economy. Terms and conditions are an important tool for limiting a company’s exposure to the various legal risks inherent in conducting business online.   Boilerplate provisions can leave you exposed and frustrate your customers.  Companies should critically consider the nature and needs of the business and transactions that may occur on their websites to determine what types of provisions will be beneficial and best practices for creating a binding contract.

Terms and conditions generally specify the rules governing the use of a website or mobile application.  Since every website is different, custom-drafted terms and conditions are necessary to protect a particular business.  Well-crafted terms and conditions might address issues such as payment, taxes, refunds, gift certificates, accounts, disclaimers, user behavior on your site, warranties and limitations on liability.

Read More

EmailShare

Fifth Annual Sidley Privacy and Cybersecurity Roundtable

We held our 5th Annual Privacy and Cybersecurity Roundtable on May 1, in Washington, D.C.  The event featured the Chair of the European Data Protection Board Andrea Jelinek and FTC Commissioner Noah Phillips.  Other government speakers represented the White House, UK’s Information Commissioner’s Office, and staff members from the U.S. Senate and House of Representatives.  Other distinguished panelists included Cam Kerry of Brookings and Jane Horvath from Apple.  The speakers addressed privacy and cybersecurity enforcement in the U.S. and EU, Brexit, Online Harms and the prospects for federal privacy legislation.  The insightful program was followed by a competition between the sausage-making (and brewing) achievements of leading privacy jurisdictions such as Brussels, California, Washington, D.C. and China (representing a privacy continuum!). Sidley also commemorated “20 Years of CyberLaw at Sidley” – two decades since the founding of today’s Privacy and Cybersecurity practice. We look forward to continuing to thrive and serve our clients. We hope to see you at next year’s Privacy and Cybersecurity Roundtable.

EmailShare

Washington State Comprehensive Privacy Bill Loses Steam, Data Breach Law Amendment Heads to Governor’s Desk

As the legislative session drew to a close, what once seemed like an inevitability suddenly looked unlikely.  The Washington Privacy Act, SB 5376/HB1854, failed to make its way through the legislative process.  The Bill’s sponsor, Sen. Reuven Carlyle, called the game on April 17, tweeting that despite the “unprecedented 46-1 vote” in the Senate, “[u]nfortunately, House failed to pass privacy legislation this year.  We’re committed to 2020.”  Nevertheless, the State of Washington did pass notable privacy legislation, albeit on a more narrow topic.

Read More

EmailShare

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

New Annual HIPAA Penalty Tiers

Six months after imposing the largest ever HIPAA fine ($16 million) following a HIPAA data breach, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) has announced that it is exercising its enforcement discretion to lower maximum annual HIPAA penalties.

Read More

EmailShare
1 2 3 67
EmailShare
XSLT Plugin by BMI Calculator