As the anticipated January 1, 2020 effective date of the California Consumer Privacy Act (“CCPA” or “the Act”) draws closer, determining whether a company falls under its mandate is of critical importance. Unfortunately, making that determination can be unexpectedly complicated. Unpleasant surprises may await the unwary.
This article was written by Alison Bird, my partner at Clearview Privacy Consulting LLC.
These days, more and more IT departments are choosing to move data hosting to the cloud. This decision makes a lot of sense. Cloud storage relieves the company of the operational burden of maintaining systems and moves critical data to locations that are more secure than your office basement.
Co-authored by Alison Bird
On March 5, 2019, the FTC proposed changes to the Safeguards Rule of the Gramm-Leach-Bliley Act (GLB) which would create new, prescriptive security obligations for companies regulated under GLB, similar to those under the New York State Department of Financial Services. While most people think of GLB as applicable only to financial institutions, the FTC defines a financial institution very broadly. An entity is a “financial institution” if its business is engaging in an activity that is financial in nature or incidental to such financial activities as described in Section 4(k) of the Bank Holding Company Act, provided such entities are not subject to other regulators under GLB. Some examples of financial institutions mentioned in the proposal are:
In this post, Thomas Ritter and I take a look at cyber security laws affecting the insurance industry and offer recommendations about how affected companies can get in good cyber shape. Thomas is a leading cyber security attorney with Thomson Burton in Nashville. He advises clients on regulatory compliance, incident response, and risk mitigation techniques.
In May of 2018, the EU’s groundbreaking privacy and cyber security regulation, the General Data Protection Regulation (GDPR), went into effect. The GDPR covers virtually every aspect of how companies handle protected data and empowers individuals with a wide range of rights over their data. Implementing these sweeping GDPR requirements has proved to be strategically and operationally challenging for affected businesses, with few expecting to have achieved full compliance by the Regulation’s May 25, 2018, effective date.
Just as companies were catching their collective breath after racing toward the GDPR deadline, Governor Jerry Brown of California signed the hastily enacted and similarly groundbreaking California Consumer Protection Act (CCPA). Like the GDPR, the CCPA also vests individuals with more control over their protected data. Although the CCPA is expected to be further clarified prior to its January 1, 2020, effective date, it also promises to create challenging strategic and operational hurdles for covered businesses. While there are a number of similarities between GDPR and CCPA — some commentators actually refer to CCPA as “GDPR light” — understanding the specific areas of overlap as well as the differences between the two standards can help companies more efficiently and effectively work towards ongoing compliance with both.