California Attorney General Releases Proposed CCPA Regulations

Earlier today, the California Attorney General ended months of anticipation by releasing the text of his proposed California Consumer Privacy Act (CCPA) regulations.  Comments on the proposed regulations are due by December 6, 2019, and the Attorney General’s office will hold public hearings on the regulations on December 2 (Sacramento), December 3 (Los Angeles), December 4 (San Francisco), and December 5 (Fresno).

Read More

EmailShare

Part 2 Proposed Rule Seeks to Reduce Barriers to Coordination of Care for Substance Use Disorders

In an effort to reduce barriers to coordination of care, the U.S. Department of Health and Human Services (“HHS”) is considering changes to Federal restrictions on the sharing of substance use disorder (“SUD”) records.  The proposed changes would modify 42 C.F.R. Part 2 (“Part 2”) regulations that place restrictive conditions on the disclosure of SUD patient records—limitations that go above and beyond Health Insurance Portability and Accountability Act (“HIPAA”) restrictions.

The barriers imposed by these rules—which have been in place since the 1970s—have become the focus of particular attention in light of the opioid crisis, as members of Congress and other stakeholders have raised concerns about how the Part 2 statute and implementing regulations may inhibit efforts to respond and coordinate care.  Members of Congress have called for reform, but have been unsuccessful at seeking legislative fixes thus far.

Read More

EmailShare

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

*Jan Yves Remy is a former Sidley Austin Associate and now serves as the Deputy Director at Shridath Ramphal Centre for International Trade Law, Policy and Services at the University of the West Indies in Barbados.  As with all posts, this article is for your informational purposes only; Sidley Austin does not have offices in or practice law in Barbados.

Today, more than 120 countries have privacy and data protection laws or regulations in place. Many of the new or modernized laws tend to be based on comprehensive legislation, rather than sectoral rules, as data needs to move across industry groups and borders. With its new data protection bill, Barbados is planning to join the ranks; this is a significant move, and it is one fueled at least in part by the entry into force of the European Union’s General Data Protection Regulation (“GDPR”) on May 25, 2018. The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents.

Read More

EmailShare

In an Eagerly Anticipated Decision, the Ninth Circuit Sides With Web Scrapers

For years, companies seeking to block web scrapers from collecting the information on their website would invoke the Computer Fraud and Abuse Act (CFAA), a U.S. law that criminalizes accessing a computer “without authorization.” But the U.S. Court of Appeals for the Ninth Circuit has now ruled that merely instructing scrapers that they are not welcome on a public website, either through a restrictive terms of use or a cease-and-desist letter, is probably not enough to render their access “unauthorized” under the CFAA. This decision is encouraging news for the many hedge funds, academic researchers and other data aggregators that use software bots to compile information online.

Read More

EmailShare

New EU Strong Customer Authentication Standards: Implications for Payment Service Providers

Under the revised Payment Services Directive (2015/2366) (PSD2), the European Banking Authority (EBA) and the European Commission were required to develop and adopt regulatory technical standards on strong customer authentication and common and secure open standards of communication. These regulatory technical standards were passed into EU law as Commission Delegated Regulation (EU) 2018/389 (the RTS), which entered into effect on September 14, 2019.

The RTS has direct effect on payment service providers (PSPs), including card issuers and acquirers, in all EU member states. However, certain EU member states, including the UK, have implemented transitional measures for a phased implementation of the rules in the context of card-based payments for e-commerce transactions.

This post discusses the requirements under the RTS for card issuers and acquirers to authenticate payment service users (PSUs), which is referred to as “strong customer authentication” (SCA).

Read More

EmailShare

Final California Consumer Privacy Act Amendments Bring Practical Changes (But Your Business May Now Be a California “Data Broker”)

After months of wrangling, the California legislature has finally passed a set of significant amendments to the California Consumer Privacy Act (CCPA), a sweeping data privacy and security law commonly referred to as “California’s GDPR” (Europe’s General Data Protection Regulation). Employee personal information and personal information obtained in business-to-business (B2B) interactions are now mostly out of scope. Personal information in credit reports and other data covered by the Fair Credit Reporting Act is also largely exempt. Only personal information that is “reasonably” capable of being associated with a consumer or household is subject to the act. And aggregate or deidentified information definitively does not qualify as CCPA personal information.

Read More

EmailShare

Monetary Authority of Singapore Invites Applications for New Digital Bank Licenses

On August 29, 2019, the Monetary Authority of Singapore (MAS) announced that it will begin accepting applications for new digital bank licenses. Interested parties have until December 31 to submit their applications. This follows the MAS’ initial announcement in June to issue up to two digital full bank (DFB) licenses and three digital wholesale bank (DWB) licenses, effectively opening up digital bank licenses to nonbank players.

Read More

EmailShare
EmailShare
XSLT Plugin by BMI Calculator