Congratulations to Sidley’s Newly-Elected Partners

Congratulations to our 28 colleagues, including Clayton Northouse, for their election to the Sidley Austin partnership. Clay represents companies that have suffered cybersecurity attacks and consumer privacy incidents and has developed multidimensional defenses to litigation, congressional inquiries, and regulatory investigations. He has experience in the use of cybersecurity forensics and the investigation of sophisticated international incidents. In addition to counseling companies regarding their compliance with the full range of data protection laws, Clay also helps companies assess the legal implications of deploying novel communication and digital technologies. Clay has been a driving force in guiding Sidley’s privacy and cybersecurity diligence for significant M&A and private equity transactions.

The Seventh Edition of The Privacy, Data Protection and Cybersecurity Law Review is Now Available

The seventh edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection, and cybersecurity landscape in a time of unique workplace challenges, new dimensions to cybercrime, significant new data protection regimes coming into effect around the world, and increased scrutiny from regulators, Boards of Directors and customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.

(more…)

Guidelines Published for Changes to the Singapore Data Privacy Regime

On November 20, 2020, the Singapore Personal Data Protection Commission (PDPC) published a set of draft advisory guidelines (the Advisory Guidelines) to provide clarification on recent amendments to the Personal Data Protection Act (the PDPA Amendments). We have summarized the PDPA Amendments in our previous client Update. The Advisory Guidelines address operational details on key amendments, as summarized below.

(more…)

Sidley Receives Four Awards at the 2020 Who’s Who Legal Awards

In recognition of the exceptional caliber of the firm’s work, Who’s Who Legal honored Sidley with two “Firm of the Year” awards and two “Country Firm of the Year” awards at its 2020 Who’s Who Legal Awards. The annual ceremony identifies the firms that stand apart from others in practice areas of law.

(more…)

California Privacy Law Overhaul – Proposition 24 Passes

The results are in, and California voters have approved the California Privacy Rights Act (CPRA) which was listed on the ballot as Proposition 24.  The law, most of which does not go into effect until January 1, 2023, will substantially overhaul and amend the California Consumer Privacy Act (CCPA) which went into effect just this year, on January 1, 2020, with final regulations issued just a few months ago, on August 14, 2020.  And indeed, CCPA obligations continue to evolve, with proposed amendments to the regulations proposed by the Attorney General’s Office mid-October 2020.

(more…)

Former U.S. Associate Deputy Attorney General Sujit Raman Joins Sidley in Washington, D.C.

Washington, D.C. – Sidley is pleased to announce that Sujit Raman joined the firm as a partner in its Washington, D.C. office. Mr. Raman will be a member of the Privacy and Cybersecurity practice group, and will contribute to the firm’s globally regarded litigation, national security, and trade practices.

(more…)

The EU’s Highest Court Announces Significant Decision Regarding Cross-Border Data Flows: Invalidates EU-US Privacy Shield Program and Upholds Standard Contractual Clauses

In a decision with significant implications for international trade and cross-border data flows, the EU’s highest court – the Court of Justice of the European Union (“CJEU”) ruled on 16 July 2020 that a key legal mechanism (called the EU-US Privacy Shield program) used to enable transfers of personal data from the European Union (“EU”) was invalid, while also potentially requiring additional protections to be implemented when another key transfer mechanism (called Standard Contractual Clauses) is used.  The case – Data Protection Commissioner v. Facebook Ireland, Max Schrems (“Schrems II”) – considered the validity of the EU-US Privacy Shield (“Privacy Shield”) program (a privacy certification made available for US organizations through an agreement between the European Commission and the US government) and Standard Contractual Clauses (“SCC”) (a form of international data transfer agreement made available for use by the European Commission).

(more…)

Who’s Balancing Privacy Against Public Health and Everything Else?

*Article first appeared in The Hill on June 13, 2020.

Concerns over the use of location tracking and contact tracing of infected individuals to help mitigate the spread of COVID-19 have once again placed “privacy” at the forefront of public attention. And even though Congress declared privacy to be a fundamental right in 1974, it established no cabinet office or institutional framework to focus on the role of data protection and digital technology in our society. Consequently, during these days of COVID-19, there is no senior government official responsible for taking account of and balancing the trade-offs between privacy and public health.

Click here to read in full.

Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

DOJ Updates Guidance on Evaluating Corporate Compliance Programs

On June 1, 2020, the Criminal Division of the U.S. Department of Justice (DOJ) publicized an updated version of its “Evaluation of Corporate Compliance Program” guidance. This is the third version of the document, with the DOJ having issued the guidance in 2017 (which we analyzed here) and revised it in April 2019 (which we analyzed here). This further revision is another reminder of the DOJ’s heightened focus and increasing sophistication regarding evaluating compliance programs during investigations. While the overall structure of the guidance generally remains consistent with the last version, the revisions provide additional insight into the DOJ’s expectations for corporate compliance programs. More specifically, the revisions highlight the importance of an adequately resourced and empowered compliance department, a constantly evolving compliance program based on the company’s current risk profile and relevant compliance issues, and the use of key compliance metrics to test the effectiveness of a compliance program.

(more…)

COVID-19 – Return to Work: European and U.S. Privacy and Employment Law Issues

The novel COVID-19 global pandemic continues to raise numerous issues for employers and consequences for employees across all industries. This situation is without precedent in modern times and is extremely dynamic with rapidly occurring new developments, guidance and issues that will impact employers. In this webinar, we consider the privacy and employment law issues for employees returning to work, and discuss strategies to deal with this situation in a holistic and coordinated manner.

REGISTER FOR THIS WEBINAR