Showing Posts In "Data Protection and Privacy" Category

Third Time’s the Charm? EU-US Data Privacy Framework Revamped and Reloaded

The European Commission has adopted an adequacy decision for a lawful data transfer from the EU to the USA for the third time. The recent adequacy decision follows an Executive Order of President Biden that introduced new binding safeguards to ensure that data can be accessed by the US intelligence agencies only to the extent […]

Texas Data Privacy and Security Act – An Overview

Effective July 1, 2024, the Texas Data Privacy and Security Act (TDPSA) is similar to the state privacy laws in Virginia, Utah, and Iowa, among others, but several notable provisions exist. These include a “small business” carveout, consent to process sensitive data, notices for the sale of sensitive personal data, a requirement to recognize the […]

Oregon Passes Comprehensive Privacy Law

Senate Bill 619 has been passed in Oregon, applying to any business that does business in the state and controls or processes the personal information of at least 100,000 Oregon residents or at least 25,000 Oregon residents while deriving at least 25% of its revenue from the sale of personal information.

Read more

Data Privacy Framework Program Launches New Website Enabling U.S. Companies to Participate in Cross-Border Data Transfers

A website has been launched that will enable eligible U.S. companies to self-certify their participation in the EU-U.S. Data Privacy Framework. The Data Privacy Framework (DPF) program website facilitates cross-border transfers of personal data in compliance with European Union law. Companies that participate in the EU-U.S. Privacy Shield can use the website right away to […]

Delaware General Assembly Passes Personal Data Privacy Act

The Delaware general assembly recently passed the Delaware Personal Data Privacy Act (DPDPA), H.B. 154. The bill is similar to the statutes in Connecticut, Montana, and Oregon, with some differences pertaining to scope and exemptions, sensitive data, consumer rights, opt-in consent, and enforcement.

Read more

CPRA Enforcement Delayed Until at Least March 29, 2024

A Superior Court of California judge has delayed enforcement of the California Privacy Rights Act (CPRA) regulations until March 29, 2024. The decision followed a California Chamber of Commerce lawsuit in which the plaintiff argued that California voters intended for the California Privacy Protection Agency (CPPA) to issue regulations at least one year prior to […]

Connecticut Legislature Passes Amendments to the Connecticut Data Privacy Act

Connecticut SB 3 has been passed by the Connecticut legislation, which would amend the Connecticut Data Privacy Act (CTDPA) to include several provisions related to health and minors’ data. The bill imposes several requirements related to health data, children’s data, and a few other miscellaneous requirements pertaining to online dating and a new task force.

California Attorney General Announces New CCPA Investigative Sweep of Employers

A new CCPA investigatory sweep announced by the California Attorney General will focus on employee data. Inquiry letters have been sent to “large California employers requesting information on the companies’ compliance with the California Consumer Privacy Act (CCPA) with respect to the personal information of employees and job applicants.” The announcement serves as a reminder […]

What is SOC 2, and Do You Actually Need it?

System and Organization Controls 2, or SOC 2, is an information security framework created by the American Institute of Certified Public Accountants (AICPA). Audits for SOC2s can be costly and time-consuming. SOC 2 was developed around five “trust Services” criteria, including security, availability, processing, integrity, confidentiality, and privacy. SOC 2 Type 1 evaluates a company’s […]

Florida Legislature Passes Privacy Law

The Florida House has passed an amended version of SB 262, a bill establishing the Florida Digital Bill of Rights. If signed by the governor, the law would be an important development for companies that meet its extremely narrow definition of a “controller.” In addition to its narrow applicability, a few key provisions of the […]