And the Modified Proposed CCPA Regulations are Here!

Craig CardonRachel Tarko HudsonLiisa ThomasJulia KadishBy Craig Cardon, Rachel Tarko Hudson, Liisa Thomas and Julia Kadish on Posted in California, California Privacy, CCPA, Consumer Privacy

On February 10, the California Attorney General’s office released a highly anticipated updated draft of the proposed CCPA regulations. This draft corrected a version first issued on February 7, 2020. These latest updates follow the four public hearings held in December 2019 and nearly 1,700 pages of comments submitted after the AG first released the initial proposal in October 2019.  While these modified regulations are still not final, some of the notable changes include: Continue Reading

CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity

Jonathan E. MeyerTownsend BourneBy Jonathan E. Meyer, Townsend Bourne and *Nikole Snyder on Posted in Cybersecurity

Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year. In an effort to enhance supply chain security, the CMMC sets forth unified cybersecurity standards that DOD contractors and suppliers (at all tiers, regardless of size or function) must meet to participate in future DOD acquisitions. Through the CMMC, DOD adds cybersecurity as a foundational element to the current DOD acquisition criteria of cost, schedule, and performance. We have previously discussed CMMC on our Government Contracts & Investigations Blog. Continue Reading

FTC Finalizes Five Settlements Regarding Privacy Shield Claims

Elfin NoceBy Elfin Noce on Posted in EU Privacy, Privacy Shield

The FTC recently finalized settlements with five companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework. In each complaint, the FTC alleged that DCR Workforce, Inc., Thru, Inc., LotaData, Inc., and 214 Technologies, Inc. made false and misleading representations when they stated that they participated under the Privacy Shield framework on their website when they were not participants under the framework. Additionally, in the complaint against EmpiriStat, Inc., the FTC alleged that EmpiriStat, Inc. made a false and misleading representations when it stated that it was a current participant under the Privacy Shield framework on its website after it had allowed its certification to lapse and had been warned by the U.S. Department of Commerce to take down its claim of participation. Continue Reading

New Trends Emerge in FTC Data Security Orders, Including Emphasis on C-Suite Involvement

Julia KadishBy Julia Kadish on Posted in Consumer Privacy, Cybersecurity, Data Security, FTC

The FTC recently summarized three major changes it made to its orders in data security cases. In a blog signaling these changes, the FTC Indicated that some of the things it has been requiring of companies in 2019 are here to stay. Continue Reading

Getting Prepared for a Decade of Privacy

Liisa ThomasBy Liisa Thomas on Posted in California, Consumer Privacy, GDPR, Online Privacy

As we get settled into the reality of living with both CCPA and GDPR, companies are looking for new approaches for keeping their privacy houses in order. CCPA reminds us that there is no end to new legislation: proposals are already coming in from states as varied as Nebraska, New Hampshire and Virginia. Similar legislative trends exist around the globe. How can companies be prepared to address this ever shifting legislative landscape? There are a few essential steps privacy officers can take, including (1) aligning the privacy team’s efforts with the underlying corporate mission, (2) having a clear understanding of both the company’s data and its use practices, and (3) having infrastructure in place that will allow for updates to notices and rights. Continue Reading

Iran’s Imminent Cybersecurity Threat

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Data Breach, Data Security

In response to the killing of Major General Qassim Suleimani, the government of Iran and its supreme leader, Ayatollah Ali Khamenei, have declared the country’s intention to strike back at the United States. According to reports, their desire is to respond proportionally, but not start a war, and they are contemplating multiple options, any subset of which they may implement. Continue Reading

Is Your Privacy Policy Ready for 2020?

Julia KadishLiisa ThomasBy Julia Kadish and Liisa Thomas on Posted in Consumer Privacy, EU Privacy, Privacy Shield

Many organizations are currently focused on updating their privacy policy to include content required by CCPA. While making those edits, now is a good time to take a step back and think more broadly about privacy program and operations generally, and in particular about the non-CCPA parts of your privacy policy. Continue Reading

NAI’s 2020 Code Effective January 1 Along with CCPA

Liisa ThomasElfin NoceJulia KadishBy Liisa Thomas, Elfin Noce and Julia Kadish on Posted in Behavioral Advertising, Consumer Privacy, Online Privacy

The Network Advertising Initiative, which provides guidance to advertisers who engage in personalized advertising, updated its Code of Conduct (2020 Code) earlier this year to address, inter alia, data collected offline and used for tailored advertising, as well as CCPA and TV-based tailored advertising. In anticipation of the January 1, 2020 effective date of the Code, the NAI recently issued a guidance on how to get “opt-in consent.” While the NAI Code and guidance is applicable only to NAI members, the requirements are important for all to know, since it is these members who typically implement companies’ online behavioral advertising. Continue Reading

New European Data Protection Board Guidance on Data Protection by Design and by Default

Liisa ThomasKari RollinsElfin NoceBy Liisa Thomas, Kari Rollins and Elfin Noce on Posted in Data Security, EU Privacy, GDPR

The European Data Protection Board recently requested comments on its data protection “by design and default” guidelines. Comments are due by mid-January of next year. The Guidelines provide clarity about how to address GDPR’s requirement that companies take “appropriate” technical and organizational steps to protect personal information and individuals. Part of the law’s requirements, according to the guidelines, is that companies can show that the measures they took are effective. Continue Reading

New Artificial Intelligence Law for Illinois Employers in January 2020

Julia KadishLiisa ThomasBy Julia Kadish and Liisa Thomas on Posted in Employee Privacy

January 1, 2020, organizations that employ individuals based in Illinois will need to keep in mind the Artificial Intelligence Video Interview Act. This Act sets forth new requirements for video-recorded interviews using AI to analyze such recordings. The law is not limited to just Illinois residents. It applies to applicants for positions based in Illinois. While brief, and without any definitions, the Act requires three things before using AI technology in video interviews. Continue Reading

LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree