On July 7, 2021, Governor Jared Polis signed into law the Colorado Privacy Act (CPA), making Colorado the most recent state to enact comprehensive privacy legislation. While the CPA does not take effect until July 1, 2023, it contains robust provisions that businesses will need some time to prepare for.
The CPA draws many principles from and has a similar framework to the California Consumer Privacy Act (CCPA),… More
The EU Commission issued today a “Communication to the European Parliament and the Council” which is entitled “Data protection rules as a trust enabler in the EU and beyond- taking stock”, which outlines the current state of EU data protection, with particular focus on the impact of GDPR.
The Commission notes that all EU Member States have updated their national data protection laws except for three (Greece,… More
The French National Assembly voted on May 14, 2018 to adopt changes that bring its existing Data Protection Act of 1978 in line with the EU’s General Data Protection Regulation (GDPR).
Paradoxically, while France was the first EU Member State to adopt a data protection act, it is one of the latest EU countries to adapt to GDPR,… More
Recent legislation in the New York State Assembly reflects a growing governmental interest in blockchain as a technology in cybersecurity systems. On November 27, four different bills addressing blockchain technologies were introduced into the New York State Assembly. Most significant among these is Assembly Bill 8793, which would establish a task force to study and report on the potential implementation of blockchain technology in state record keeping,… More
The Economist certainly thinks computer security is broken (and it’s hard to argue the contrary). In its April 8 edition, The Economist’s cover story proclaims, “Why computers will never be safe.” While that’s good news for some of us (at least in the short run), for most of us it’s a daunting proposition. So how to address the problem? Do we need more regulation, as The Economist suggests? … More
What the recent Amazon decision tells us
On 28 July 2016, the European Court of Justice rendered a decision in a dispute between an Austrian Consumer Protection organization known as VKI (Verein für Konsumenteninformation) and Amazon EU Sàrl, a subsidiary of Amazon registered in Luxembourg. The main issue in this case is whether Amazon General Conditions were enforceable under Consumer Law; however; one of the questions referred to the European Court was about the territorial scope (Article 4) of the 95/46/EC Directive on Data Protection.… More
A key distinguishing feature of U.S. data privacy laws is their patchwork nature. There are industry-specific data privacy laws at the federal level (think HIPAA or the GLBA), yet there are no comprehensive federal standards that governs an entity’s obligations in the event of a data breach like the EU’s Data Privacy Directive. For data breach response, in addition to the possible application of an industry-specific law or regulation,… More
Today’s Law360 addresses “HHS Data-Scrubbing Guidance” with quotes from me and others on the subject:
Clarifying the types of data that need to be removed from data sets can also help companies maximize the value of the information that they hold as the value of and ability to use this data for research and public health purposes increases, Foley Hoag LLP security and privacy practice co-chair Colin Zick added.… More
Interesting article from Of Counsel regarding both the substance and the business of data privacy and security law. Lawyers from several firms (including me) talk about current and pending legislation, the mechanisms of compliance and breach response, and the pipeline for new lawyers in the field of data security and privacy.
One of the other attorneys discussed the shortage of trained attorneys in this area as follows:
You’d think,… More
A bill to adopt the Uniform Trade Secrets Act (“UTSA”) has been pending in the Massachusetts Legislature since late January. Forms of the UTSA have been adopted in 46 states, as well as the District of Columbia, Puerto Rico, and the U.S. Virgin Islands. Only New York, Texas, North Carolina, and Massachusetts have not adopted the UTSA.
The bill would supersede the definitions, procedures, and remedies applied in Massachusetts chapter 93A actions (regulating unfair and deceptive trade practices) for trade secret misappropriation.… More