Tag archives: personal information

Mic Drop: California AG releases long-awaited CCPA Rulemaking

Data Protection Report - digital privacy, CCPA and cybersecurity

On October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA).

The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA.  In the press release announcing the proposed regulations, Attorney General Becerra described CCPA as “[providing] consumers with  groundbreaking new rights on the use of their personal information” and added, “It’s time we had control over the use of our personal data.”… Continue Reading

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Data Protection Report - Norton Rose Fulbright

Following the now famous €50m fine imposed on Google LLC in January 2019,[1] the French Data Protection Authority (the CNIL) published a decision taken on 28 May 2019[2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.… Continue Reading

Pennsylvania Supreme Court holds common law duty for employers extends to protecting sensitive employee information

Data Protection Report - Norton Rose Fulbright

On November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. Dittman v. UPMC, 2018 Pa. LEXIS 6072199 (Pa. Nov. 21, 2018).… Continue Reading

California Consumer Privacy Act: Disclosure requirements

Data Protection Report - Norton Rose Fulbright

This is the Data Protection Report’s fourth blog posts in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA.

The California Consumer Privacy Act (the “CCPA” or “Act”) includes significant and new disclosure requirements for businesses that collect and or sell or disclose California residents’ personal information. Below we have outlined: (1) disclosures businesses must make in their privacy policy; (2) disclosures businesses must make upon receipt of … Continue Reading

GDPR is upon us: are you ready for what comes next?

Norton Rose Fulbright - Data Protection Report blog

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. We have shared below some interesting points that we’ve seen arising recently, all of which relate to how things are likely to develop from today onwards, including enforcement predictions, challenges related to operationalizing data subject access procedures, and how … Continue Reading

California privacy initiative likely to increase costs of civil litigation if passed in November

Norton Rose Fulbright - Data Protection Report blog

A little more than one month from implementation of GDPR, companies may be tempted to relax and exhale (and if GDPR is still causing you headaches, consult our checklist). After all, the U.S. couldn’t be crazy enough to implement something as onerous and difficult, right? RIGHT?!?

Enter California, which appears likely to place an initiative on the November 2018 ballot that could bring some familiar aspects of GDPR to the sixth largest economy in the world. The proposed initiative, the Consumer Right to Privacy Act of 2018 (the “CRPA”), still needs to obtain the necessary signatures to appear on … Continue Reading

Ninth Circuit further entrenches circuit split over standing in data breach cases

Norton Rose Fulbright - Data Protection Report blog

On March 8, 2018, the Ninth Circuit issued its highly anticipated decision in In re Zappos.com, Inc., finding that allegations of future risk of identity theft from a data breach are sufficient to confer standing. This decision fuels an ongoing circuit split, pitting the D.C., Sixth, Seventh and now Ninth Circuits against the Second, Fourth, and Eighth Circuits over whether the mere exposure of personal information – without actual identity theft or credit/debit card fraud – establishes Article III standing.… Continue Reading

South Dakota and Colorado strengthen data breach protections

Norton Rose Fulbright - Data Protection Report blog

Last week, South Dakota moved closer to implementing a data breach notification law, while Colorado legislators introduced a new bill requiring “reasonable security procedures,” imposing data disposal rules and shortening the time frame in which to alert authorities regarding a breach.  South Dakota and Colorado are the latest states taking steps in cybersecurity lawmaking in light of Congress’s inaction regarding data breach legislation.… Continue Reading

Canada amends federal data protection law, PIPEDA

Data Protection Report - Norton Rose Fulbright

On June 18, 2015, Canada’s Senate and House of Commons passed the Digital Privacy Act to amend the country’s federal Personal Information Protection and Electronic Documents Act (PIPEDA). Many of the amendments are scheduled to come into force on a date to be determined by the government. The revised requirements (highlighted below) will have a significant impact on the treatment of personal information by organizations that are subject to PIPEDA. These are organizations that either are federally regulated and fall under the legislative authority of the Parliament of Canada, or operate within a province that does not have in place … Continue Reading

LexBlog