Cybersecurity and Privacy

When the law was signed by then Governor Brown (see our prior Alert here), the expectation was that Attorney General Becerra would issue the enabling regulations by July of this year, which would allow a phase-in period. Then by January 1, 2020, the requirements would be clear and companies would be able to properly

In the last week, both the Dept. of Homeland Security and the Food and Drug Administration have issued a consumer alert about the potential hacking risk regarding cardiac devices, specifically because those devices have no encryption on their software. The devices in question are implantable cardiac devices, clinic programmers and home monitors which are used

Background

Title III of the Americans with Disabilities Act (“ADA”) mandates that public accommodation must be provided to disabled persons to allow for the “full and equal enjoyment” of the related privileges, goods, services, advantages and accommodations as those provided to able bodied persons.  The owner of any business is responsible for making sure those

Published originally by the Journal of Commerce in December 2018

When the General Data Protection Regulations (“GDPR”) took effect on May 25, 2018, American companies found themselves in a quandary. The language of the regulations was sufficiently broad to initially conclude that even if a company had no presence or operation in Europe, it would

In the September 18, 2017 Federal Register notice (see 82 FR 43556) , U.S. Citizenship and Immigration made clear it will now routinely require those applying to enter the U.S. to provide social media handles. As such, the obvious starting point for these tips must be a reminder that Customs and Border Protection (“CBP”) officers

Originally published by the Journal of Commerce in January 2017

The Senate Armed Services Committee hearing on January 5, 2017 was an opportunity to learn what the intelligence community determined regarding cyber-attacks related to the 2016 Presidential election.  For those of us having to deal with the potential consequences to our businesses, it was the

On April 13, 2016, the Article 29 Working Party took action which some found surprising and others predicted. It found the EU-U.S. Privacy Shield did not contain adequate protections and needs further improvement. The Working Party’s statement can be found at http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/2016/press_release_shield_en.pdf.

While acknowledging the Privacy Shield contains “significant improvements” over the previous Safe Harbor,

Corporate compliance programs come in all shapes and sizes and apply whether your company is privately owned or publicly traded. These internal controls take the form of accounting and audit procedures, import-export/regulatory policies, employment guidelines, ethics/anti-corruption initiatives and so on. The intent of any compliance program is to ensure that employees know what is expected

Originally published by the Journal of Commerce in January 2016

In the lead-up to President Obama signing into law on December 18, 2015 the Cybersecurity Act of 2015, Public Law. 114-113, there was hope that finally there would be a vehicle through which the federal government would be able to share broad ranges of supply

Originally published in January 2016

On December 18, 2015, President Obama signed into law the Cybersecurity Act of 2015. Beginning at Division N, Public Law 114-113 deals with cyber threats and includes the framework for the means and methods by which the private sector may submit such information to the government and by which the