Subscribe

* indicates required

Explore MVALAW.COM

USDOL Offers Guidance on Data Security for Plan Fiduciaries and Service Providers

The Employee Benefits Security Administration of the United States Department of Labor (“EBSA”)  recently published guidance regarding cybersecurity best practices for recordkeepers and service providers responsible for plan related information technology systems and data for ERISA-covered plans, including 401k and other pension plans.

The EBSA counseled that a plan’s service providers should implement the following practices:

  1. Have a formal, well documented cybersecurity program.
  2. Conduct prudent annual risk assessments.
  3. Have a reliable annual third-party ...

Virginia’s Consumer Data Protection Act makes it the second state to pass a comprehensive data privacy law.

Another Major Setback for EU-U.S. Data Transfer in “Schrems II”

On July 16, 2020, the Court of Justice of the European Union (“CJEU”) issued its judgment in the “Schrems II” case, cautiously upholding Standard Contractual Clauses (SCCs) and invalidating the popular EU-U.S. Privacy Shield.  The judgment is the second major triumph affecting transatlantic commerce for Austrian privacy activist, Max Schrems. 

Under the EU’s General Data Protection Regulation (“GDPR”), an organization may only transfer individuals’ personal data to non-EU countries for processing if the European Commission determines the third country ...

Beware Compromised Business Email . . .and the Litigation That Follows

Businesses are facing this system hack with ever-increasing frequency:  An accounts payable employee receives new or updated payment instructions from a vendor via email.  The email appears to be from a familiar counterpart at the vendor; it contains accurate details specific to a current transaction; the new bank is well known; and the new instructions have the vendor’s name, or a version of it, as the beneficiary.

Update: The Washington Privacy Act

For more background on the Washington Privacy Act, see: Washington State Legislature Takes Another Shot At a Consumer Data Privacy Law (DataPoints, 1/22/2020)


Senate Bill 6281, the Washington Privacy Act, passed out of the Senate on February 14 and moved to the House of Representatives where it is expected to run up against some skepticism and questions. 

The bill was drafted to help bring Washington state more in line with California’s and the EU’s data privacy regulation efforts, in the absence of comprehensive privacy regulation at the federal level.  The Act places ...

Washington State Legislature Takes Another Shot At a Consumer Data Privacy Law

Following an unsuccessful attempt last year at passing a comprehensive data privacy bill, the Washington State Legislature is hoping the second time’s the charm. Senate Bill 6281, this session’s updated version of The Washington Privacy Act, is based on the best practices taken from the European Union’s General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) which went into effect on January 1 of this year. Although last year’s effort fizzled in Washington’s House of Representatives after passing the Senate 46-1, SB 6281 has been ...

Schrems II Opinion Casts Doubt on EU-US Data Protection Rules

Facebook is at the center of the “Schrems” case, which exposed contradictions between U.S. and EU data privacy rules and toppled the U.S./EU Safe Harbor (Schrems I). In Schrems II, Austrian Max Schrems challenges the adequacy of standard contractual clauses and the Privacy Shield (the replacement to the Safe Harbor).  A recent opinion in Schrems II questions the adequacy of privacy protections guaranteed by the U.S. but for now preserves the Privacy Shield and standard contractual clauses as potential adequate means of transferring personal data from the EU to the U.S.

The ...

The Wait is Over: Proposed Regulations Implementing the CCPA are Released

By Suzanne Gainey and Tandy Mathis.  On October 10, California Attorney General Xavier Becerra announced that the long-awaited proposed regulations implementing the California Consumer Privacy Act (“CCPA”) are available for public comment.  Although the regulations are not yet final, they do provide some visibility into what the Attorney General will expect from businesses that are subject to the CCPA.  While the proposed regulations add some clarity to the (sometimes unclear) language of the CCPA, the regulations also raise new questions about the application of the CCPA ...

California Consumer Privacy Act Update: AB25 and AB1355 Approved by California Governor

Earlier we posted an article regarding the amendments to the California Consumer Privacy Act by AB 25 and AB1355 creating a moratorium on the application of much of the CCPA to employee personal information—subject to approval by California’s governor. Pleased to report that Governor Newsom approved both AB25 and AB1355 and therefore the moratorium will be in effect until January 1, 2021. Some welcome relief to businesses trying to comply with the CCPA’s requirements.

California Consumer Privacy Act Update: California Legislature Provides Relief for Businesses Processing Employee Data

The California Consumer Privacy Act (CCPA) imposes significant protections for California residents covered by the law, and significant burdens for companies required to comply with it.    One area of concern is whether the CCPA applied to employee data collected by a business.  The language of the CCPA was unclear, but was open to the interpretation that its protections covered such data.  With an effective date of January 1, 2020, employers have been watching to see if the California legislature would clear up the uncertainty.  The good news is that for at least until January 1, 2021, most ...

About Data Points: Privacy & Data Security Blog

The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. Moore & Van Allen’s Privacy & Data Security Group recognizes the challenges clients face in the effort to stay abreast of such volatility. “Data Points” seeks to educate by providing transparent and cutting-edge insight on the most critical issues and dynamics. Our goal is to inform business decision-makers who are navigating these waters about the information they must protect, and what to do if/when security is breached. Read About Our Practice and Meet the MVA Privacy & Data Security Team.

Interested in Other Topics?

Jump to Page

Subscribe To Our Newsletter

Subscribe

* indicates required

By using this site, you agree to our updated Privacy Policy and our Terms of Use.