Cybersecurity and Privacy

The California Consumer Privacy Act (“CCPA”) took effect on January 1, 2020. In October 2019, the California Attorney General (“CA AG”) published proposed regulations. In the lead up to January 1, 2020, the CA AG repeatedly made the point that those subject to the CCPA should plan for compliance with its broad principals by the

In Part 1, see https://www.canada-usblog.com/2019/10/23/california-consumer-privacy-act-are-you-ready-part-1/, we summarized the recent legislative changes regarding the California Consumer Privacy Act (“CCPA”). Bearing in mind the CCPA takes effect on January 1, 2020 and the Attorney General is required to issue regulations by July 1, 2020, these regulations both meet that timeframe, but also seek to provide much-needed guidance

When the law was signed by then Governor Brown (see our prior Alert here), the expectation was that Attorney General Becerra would issue the enabling regulations by July of this year, which would allow a phase-in period. Then by January 1, 2020, the requirements would be clear and companies would be able to properly

In the last week, both the Dept. of Homeland Security and the Food and Drug Administration have issued a consumer alert about the potential hacking risk regarding cardiac devices, specifically because those devices have no encryption on their software. The devices in question are implantable cardiac devices, clinic programmers and home monitors which are used

Background

Title III of the Americans with Disabilities Act (“ADA”) mandates that public accommodation must be provided to disabled persons to allow for the “full and equal enjoyment” of the related privileges, goods, services, advantages and accommodations as those provided to able bodied persons.  The owner of any business is responsible for making sure those

Published originally by the Journal of Commerce in December 2018

When the General Data Protection Regulations (“GDPR”) took effect on May 25, 2018, American companies found themselves in a quandary. The language of the regulations was sufficiently broad to initially conclude that even if a company had no presence or operation in Europe, it would

In the September 18, 2017 Federal Register notice (see 82 FR 43556) , U.S. Citizenship and Immigration made clear it will now routinely require those applying to enter the U.S. to provide social media handles. As such, the obvious starting point for these tips must be a reminder that Customs and Border Protection (“CBP”) officers

Originally published by the Journal of Commerce in January 2017

The Senate Armed Services Committee hearing on January 5, 2017 was an opportunity to learn what the intelligence community determined regarding cyber-attacks related to the 2016 Presidential election.  For those of us having to deal with the potential consequences to our businesses, it was the

On April 13, 2016, the Article 29 Working Party took action which some found surprising and others predicted. It found the EU-U.S. Privacy Shield did not contain adequate protections and needs further improvement. The Working Party’s statement can be found at http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/2016/press_release_shield_en.pdf.

While acknowledging the Privacy Shield contains “significant improvements” over the previous Safe Harbor,