Showing Posts In "Data Protection and Privacy" Category





Data Protection Post-Brexit

There is no denying that Brexit will have implications for data protection and the ongoing flow of personal data from the European Union (EU) to the UK (United Kingdom). Currently governed by the EU General Data Protection Regulation (GDPR) as applied by the UK’s Data Protection Act (DPA), if the UK leaves the EU in […]


EU-US Privacy Shield Undergoes Second Review by EU Commission and (Re)Passes the Test—For Certifying Companies, Santa Has Come to Town

On December 19, the EU Commission (“Commission”) published its report to the European Parliament and the Council on the second review of the functioning of the EU-US Privacy Shield (the “Report”). To the relief of the 3,850 US companies who have certified to the Privacy Shield, and those entities transferring personal data to them, the […]


Department of Commerce Updates Privacy Shield FAQs to Clarify Applicability to UK Personal Data

On December 20, 2018, the Department of Commerce updated its frequently asked questions (“FAQs”) on the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, the “Privacy Shield”) to clarify the effect of the UK’s planned withdrawal from the EU on March 29, 2019. The FAQs provide information on the steps Privacy Shield participants must take to […]


Data Localization and Digital Trade in the New United States-Mexico-Canada Agreement

The new United States-Mexico-Canada Agreement (USMCA), which was announced Sept. 30, 2018, and succeeds the North American Free Trade Agreement (NAFTA), restricts the parties abilities to localize data freely. Some would argue that the USMCA runs counter to the countrys existing data sovereignty and privacy efforts to date with British Columbia and Nova Scotia having […]


California Consumer Privacy Act: The Challenge Ahead CCPA and Employee Data

Although the new California Consumer Protection Act of 2018 (CCPA) was never intended to apply to employee data, the subject has been under debate since it first was introduced on June 21, 2018. Some are skeptical, arguing that the law is meant to be a general consumer protection measure, but others have pointed out some […]


FTC Reaches Settlements with Four Companies that Falsely Claimed Participation in the EU-U.S. Privacy Shield

Four companies have agreed to settle allegations by the Federal Trade Commission (FTC) after they were found to have falsely claimed certification under the European Union (EU)-U.S. Privacy Shield framework. IDmission, LLC, was found to have not completed the steps to be certified under the program, while mResource, LLC (doing business as Loop Works, LLC), […]


FTC Consumer Protection Chief Makes Case for EU Data Privacy Cooperation

Andrew Smith, director of the Federal Trade Commissions bureau of consumer protection, recently trumpeted the agencys efforts to uphold a data transfer pact between the European Union (EU) and U.S. government. The agency is tasked with ensuring that participating companies follow the Privacy Shield agreements data protection requirements. About 4,000 companies have self-certified their compliance […]


New Colorado Statute Provides Data Protection Guidance for Employers in the Centennial State and Beyond

A new data protection law took effect in Colorado in early September that requires state employers to implement procedures to protect and eventually destroy employees personally identifiable information. If said information is provided to a third-party service, the covered entity must be sure that reasonable security procedures and practices are upheld. The new law also […]


The Practical Guide to the California Consumer Privacy Protection Act Part 1

The California Consumer Privacy Protection Act of 2018 (CCPA), designed to emulate the European General Data Protection Regulation (GDPR), has U.S. companies rushing to verify that their practices comply with the statute. Bryan Cave Leighton Paisner has published a multi-part Practical Guide to the CCPA to help address any confusion. In it, he shares that […]


Employment Screening Resources (ESR) Incorporates Fully Compliant GDPR Technology to Help U.S. Employers Screen EU Residents

Employment Screening Resources (ESR) has incorporated fully compliant General Data Protection Regulation (GDPR) policies, procedures and technologies to help employers screen European Union (EU) residents. According to Brad Landin, ESRs president, the ESR Assured Compliance system will provide clients with required GDPR-related tools. The tool will allow the company to present and collect the consent […]




Subscribe to our Publications