Category

Legislation

26 March 2019

California, Here We Come: Getting Ready for the California Consumer Privacy Act of 2018

WEBINAR
Wednesday, March 27, 2019 | 4:00 p.m. EDT / 1:00 p.m. PDT
CLE & CPE Credit Offered

When the California Consumer Privacy Act enters into force on January 1, 2020, it will grant consumers extensive new data rights and place a number of new obligations on companies – obligations that in some ways even exceed those imposed by the European General Data Protection Regulation (GDPR). This means that just about every company doing business in California or with Californians will need to take steps to comply with the CCPA, regardless of their GDPR status. Please join us for a discussion that identifies the key questions and issues companies should be considering before the CCPA enters into force on January 1, 2020. We’ll talk through the steps companies should take now to meet these new obligations.

SPEAKERS

  • Colleen Theresa Brown, Partner
  • Christopher C. Fonzone, Partner
  • Alan Charles Raul, Partner
  • Kate Heinzelman, Counsel
  • Sheri Porath Rockwell,Associate

CLICK HERE TO REGISTER

(more…)

EmailShare
19 March 2019

Important Changes to the Singapore Data Privacy Regime

Singapore may soon mandate data breach notifications and data portability via amendments to the Singapore Personal Data Protection Act, or PDPA. The PDPA applies to all organizations that collect, use and disclose data in Singapore, and the PDPA has extraterritorial effect as it applies to all organizations collecting, using or disclosing personal data from individuals in Singapore (whether or not the company  has a physical presence in Singapore).

(more…)

EmailShare
18 March 2019

The New Congress Turns to an Old Issue – The Possibility of Comprehensive Federal Privacy Legislation

Even a few short years ago, it seemed unlikely that Congress would enact comprehensive privacy legislation. But a series of high profile data breaches; increasing concerns about data practices, particularly when connected to political micro-targeting; fears about the rise of autonomous, and potentially invisible, decision-making; and the passage of far-reaching foreign and now State privacy laws have all changed the zeitgeist. Congress has taken notice, and, for the past year, Data Matters has been closely following the Legislative Branch’s moves as it a federal privacy bill looks more likely than it has in a generation. (more…)

EmailShare
04 March 2019

TPI Podcast on Privacy Legislation Features Sidley Partner Alan Raul

On February 26, 2019, the Technology Policy Institute’s Two Think Minimum podcast featured Sidley Partner and founder of the Privacy and Cybersecurity practice, Alan Raul, alongside former FTC Acting Chairman and Commissioner of the FTC Maureen Ohlhausen.  The topic of the day was the future of privacy legislation in 2019.  Topics ranged from politics, U.S. State trends, activity in Europe, FTC enforcement powers and more.

To read or listen, check out https://techpolicyinstitute.org/2019/03/01/privacy-legislation-in-2019-maureen-ohlhausen-and-alan-raul-two-think-minimum-podcast/

EmailShare
14 February 2019

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

On January 28, 2019, the Healthcare and Public Health Sector Coordinating Council released the “Medical Device and Health IT Joint Security Plan” (“JSP” or “Plan”)—cybersecurity recommendations for medical device manufacturers, healthcare information technology vendors, and healthcare providers.  U.S. Government entities, including the FDA, participated in the development of the Plan.   The JSP comes close on the heels of the “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” a similar effort by a public-private partnership to provide cybersecurity guidance to healthcare industry stakeholders. (more…)

EmailShare
11 February 2019

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. 6491 (Act). By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500. (Please see our prior coverage for more information on Ohio and South Carolina’s adoption of the Model Law).  Moreover, adoption of the Model Law is still gaining steam with Rhode Island potentially next in line.

(more…)

EmailShare
22 January 2019

Transfers of Personal Data from the EU to the U.S. in the Event of a Brexit ‘No-Deal’

The EU-U.S. Privacy Shield (“Privacy Shield”) enables the free-flow of personal data from the European Economic Area (“EEA”) to the U.S. Under the Privacy Shield, U.S. participant organisations commit to adhering to Privacy Shield principles, which include accountability for the onward transfer of personal data after receiving such data from EEA organisations, data integrity obligations and purpose limitations with respect to the personal data transferred. Privacy Shield participant organisations are also required to develop and maintain a Privacy Shield-compliant privacy policy which informs individuals of the organisation’s practices and procedures when handling personal data and explains the independent recourse mechanisms in place for individuals to address complaints with respect to the processing of their personal data.  (more…)

EmailShare
14 January 2019

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law.  By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies.  See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500.  (For more information on South Carolina’s adoption of the Model Law, see our prior coverage.)  (more…)

EmailShare
03 January 2019

Spain’s New Data Protection Act Now in Force

When the GDPR came into effect on May 25, 2018, several European Member States had yet to put in place further implementing legislation.  And while the data protection world watches and eagerly digests each new interpretive guidance from data protection authorities, Member State legislation provides additional interpretive tones of harmony or discord in data protection across Europe.  After much delay and almost seven months after the EU’s General Data Protection Regulation (“GDPR”) came into force, the Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”) – which implements the GDPR in Spain – entered into force on 7 December 2018. (more…)

EmailShare
XSLT Plugin by BMI Calculator