California Amends its Consumer Privacy Act

On September 23, 2018, California Governor Jerry Brown signed into law SB-1121, a bill that makes several amendments to the Golden State’s landmark Consumer Privacy Act (“CCPA”). California enacted the CCPA in June after legislators reached a last-minute compromise with a group of privacy activists who would have put a more stringent data protection measure on the November ballot. Given the hasty enactment of the law,… More

New Law Provides Free Credit Freezes and Year-Long Fraud Alerts

As summarized nicely in the FTC FAQs below, there is a new law, the Economic Growth, Regulatory Relief, and Consumer Protection Act, that makes credit freezes free and extends fraud alerts to last a full year.  Here are some of the most common questions raised about this new law, and the FTC’s answers:

Q: I already had a credit freeze in place when the new law took effect on September 21,… More

French Data Protection Authority Takes Stock After 4 Months of GDPR

Four months after the GDPR came into effect, the French Data Protection Authority (“CNIL“) published a first assessment with some impressive figures:

  • It received more than 600 personal data breach notifications, ‎i.e., about 7 notifications each day, involving approximately 15 million individuals.
  • It received 3,767 complaints from individuals. As we commented on this blog,…
  • More

Three Things Not to be Forgotten about the GDPR’s “Right to be Forgotten”

Our experience in advising clients about GDPR and assisting them in the compliance process is that there are often misconceptions about the so-called “right to be forgotten”. The purpose of this post is to address some of these misconceptions.

  • The “right to be forgotten” was not created by the GDPR

The GDPR replaced the EU’s 1995 Directive which provided in Article 12(b) that “Member States must guarantee every data subject the right to obtain from the controller: (…),… More

Hacker Fails to Establish “Necessity” of DDOS Attack on Hospital

In a recent decision from the District of Massachusetts, the alleged perpetrator of cyber-attacks against Wayside Youth and Family Support Network and Boston Children’s Hospital (“BCH”) failed in his attempt to assert a novel defense:  necessity.  In what most would view as a positive development, the court found that the defendant and alleged hacker did not “offer[] competent evidence that it was objectively reasonable to anticipate a causal relationship between the alleged cyber attack and the purported harm to be averted.”… More

Escalation of Cybersecurity Threats to National Power System Prompts FERC to Call for Stricter Reporting Standards

On July 19, the Federal Energy Regulatory Commission (“FERC” or “Commission”), pursuant to its authority under section 215 of the Federal Power Act, issued a final rule directing the North American Electric Reliability Corporation (“NERC”) to develop modifications to NERC’s Reliability Standards as they relate to cyber security incidents. Issuance of the final rule is timely. A recent news article described hackers’ successful infiltration of the control rooms of multiple electric utilities.… More

Partner Colin Zick to Speak at MassBio Forum on the Era of GDPR Data Privacy

Partner Colin Zick will join Naomi Leach, Senior Associate, Data Protection at Stephenson Harwood, and Lana Gladstein, Vice President and General Counsel at Brammer Bio, for a MassBio program on July 31 entitled The Era of GDPR Data Privacy, Two Months In: Do you have a Data Transfer Agreement handy?

Details

The GDPR Data Privacy Law has been in effect since May 25,… More

California Passes New Data Privacy Law With National Implications

The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of.

1. Effective date

The law is slated to go into effect on January 1, 2020. However, the California State Legislature has the option of offering amendments to alter the law between now and its effective date,… More

Regulators Step Up Scrutiny of Cryptocurrency Advertising as Industry Stance Softens

We posted earlier this year about increased scrutiny of cryptocurrency advertising, especially the promotion of Initial Coin Offerings, or ICOs.  The key takeaway from that post was that the frenzy around cryptocurrencies – including as an investment opportunity for individuals who aren’t otherwise active investors – has led to a number of efforts to curtail cryptocurrency promotion, from both regulators and industry stakeholders.… More