Search Results: Privacy Compliance

Biometrics Regulations: Navigating US Biometric Laws

The United States is in need of comprehensive federal data privacy legislation, which may finally be gaining traction. In late 2019, two competing federal privacy proposals were drafted. Senate Bill 2968 (the “Consumer Online Privacy Rights Act”), was introduced by Senator Maria Cantwell (D-WA), among others.  And the “United States…

Read More

China Publishes Draft Guidelines on Security Review Requirements for Data Exports

China’s new framework for regulating data transfers is beginning to take shape. On October 29, 2021, China’s cybersecurity regulator, the Cyberspace Administration of China (CAC), published draft guidelines outlining when and how data controllers must undergo a security assessment before transferring data out of China pursuant to the country’s recently-issued…

Read More

SEC Seeks Input on BD and RIA Digital Engagement Practices

Authored by: Nicholas Losurdo and Christopher Grobbel The SEC recently solicited public comment on digital engagement practices (DEPs) used by some broker-dealers and investment advisers, including predictive data analytics, differential marketing, and behavioral prompts (such as gamification).  The public comment window closes October 1, 2021.  Comments letters submitted already are available here—viewpoints run…

Read More

EDPB to Provide Clarification on Transfers to Importers Subject to the GDPR: Another New Set of SCCs Seen

The European Data Protection Board (EDPB) recently published minutes of its last plenary meeting held in September 2021, which (in paragraph 2) shed light on how the EDPB may address one of the biggest open issues regarding data transfers from Europe — whether under General Data Protection Regulation (GDPR), Chapter V data…

Read More

FTC: Health Apps and Connected Devices Subject to Health Breach Notification

If you are not familiar with the FTC’s Health Breach Notification Rule, you are not alone. Issued in 2009, it has never been enforced. That may now change. In a recent Policy Statement, the FTC is putting a new spotlight on the Rule, explaining that the Rule applies to health…

Read More

There's a New Regulator in Town: China Passes an Omnibus Data Privacy Law

On August 20, the People’s Republic of China became the latest global economic powerhouse to pass an omnibus privacy law. Titled the Personal Information Protection Law (“PIPL”), the law was adopted by the Standing Committee of China’s National People’s Congress, China’s top legislative body, and is slated to take effect on…

Read More

Europe Opts for Pragmatism with new SCCs and ICO Opens Consultations on UK SCC — What Companies Need to do Next

The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reigns on how the New SCCs cover data transfers and what companies need to do to take advantage of them and comply with regulatory implementation guidance, including in relation to…

Read More

The Colorado Privacy Act Joins List of Comprehensive State Privacy Laws

On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (“CPA”) into law. The CPA will take effect on July 1, 2023 and joins the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”), and Virginia Consumer Data Protection Act (“VCDPA”) on a growing list of comprehensive state data privacy laws…

Read More

Companies Can Protect Proprietary Data When Responding to CCPA Privacy Requests

Since its passage almost three years ago, the California Consumer Privacy Act (“CCPA”) has offered California-based consumers certain rights over the personal information companies collect and process about them. While responding to any request to exercise CCPA rights creates its own set of challenges, one right in particular – the right to…

Read More