Compliance

Yesterday the White House Office of Management and Budget issued guidelines (the “Guidelines”) requiring all federal agencies to buy and use software that comply with “secure development practices” developed by the National Institute of Standards and Technology (“NIST”).  The Guidance follows an Executive Order (“EO”) of May 2021 on improving cybersecurity across government agencies and

CPW’s Kristin Bryan, a 2022 Law360 Privacy & Cybersecurity MVP as well as a featured subject matter expert for LexisNexis, Jesse Taylor and Shing Tse teamed up to co-author a chapter of the Lexis Practical Guidance titled “Privacy, Cybersecurity and Data Breach Litigation: Key Laws and Considerations. In this practice

The second reading of the Data Protection and Digital Information Bill (the Bill) has been delayed following the election of the new Conservative Party leader. The new date is yet to be announced, but in the meantime, it is worth analysing some of the key changes the Bill proposes. While it promises more flexibility and less ambiguity, practically speaking, the Bill may not represent a fundamental divergence from the current regime.

Continue Reading Data Protection and Digital Information Bill Delayed – Aspects to Consider While We Wait

Recently, eyewear brands that offer virtual try-on (“VTO”) tools—which allow website visitors to “try before they buy” while shopping online—have faced a barrage of class action lawsuits alleging violations of the Illinois Biometric Information Privacy Act (“BIPA”). Importantly, however, BIPA suits are not the only legal risks that continue to increase for eyewear retailers today,

Earlier this month, Law360 released the names of those chosen for the 2022 MVP awards. Of the 900 attorneys who were nominated for the honor, Law360 notes that, “[t]he attorneys chosen as Law360’s 2022 MVPs have distinguished themselves from their peers by securing hard-earned successes in high-stakes litigation, complex global matters and record-breaking deals.”

Continue Reading Congratulations to CPW’s Kristin Bryan on Being Named a 2022 Cybersecurity & Privacy MVP by Law360!

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

FCC Reportedly Issues Letters of Inquiry Seeking Further Information on Wireless Providers Data Privacy Practices | Consumer Privacy World

As previously reported, the Federal Communications Commission last month released responses from the 15 major wireless carriers concerning their data retention and privacy practices, particularly with respect to location information.

In doing so, the FCC Chairwoman announced that she had asked the agency’s “Enforcement Bureau to launch a new investigation into mobile carriers’ compliance with FCC rules that require carriers to fully disclose to customers how they are using and sharing geolocation data.”

Continue Reading FCC Reportedly Issues Letters of Inquiry Seeking Further Information on Wireless Providers Data Privacy Practices

With the implementation of new regulations involving the handling of “HR data” across the US and the EU, transatlantic employers can expect to face unique challenges as they make efforts to incorporate these new regulations with existing procedures. In the coming months, managing data subject rights and business obligations that apply to HR data will

The California Consumer Privacy Act (CCPA) currently has limited carve-outs for personal information (PI) collected from a job applicant, employee, owner, director, officer, medical staff member, or independent contractor of a business acting in such capacity (including, without limitation, communications, emergency contact and benefits PI) (HR data). An even broader exception applies to B-to-B communications and related PI (e.g., vendor, supplier and business customer contacts and communications) (B-to-B data). As a result, businesses subject to the CCPA are not currently required to honor CCPA rights requests received from persons concerning HR data and B-to-B data. These carve-outs are set to sunset on January 1, 2023, when the California Privacy Rights Act (CPRA), which substantially amends the CCPA, goes into full effect, at which point HR data and B-to-B data will be fully subject to all of the requirements of the CCPA/CPRA. Many business administrators had hoped that either the California legislature would extend the HR data exceptions (or maybe even make them permanent), or a federal law that limited data subject rights to traditional consumers would pass and preempt CCPA/CPRA. It is now clear that the former is impossible and the latter is highly unlikely. Accordingly, many companies have a lot to do by year-end to prepare to stand up a CCPA/CPRA program for HR data and B-to-B data.

Continue Reading HR and B-to-B Data Compliance Deadline Looming – Legislative Efforts to Extend California Consumer Privacy Act Exemptions Fail

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Speaker Pelosi Expresses Concerns With Federal Privacy Bill’s Preemption Provision | Consumer Privacy World

The Cookie Crumbles – Lessons