The EDPB releases guidelines to clarify a simple but surprisingly confusing question, “What is a data transfer under the GDPR?” In light of the new guidelines, businesses should review potential transfer activities and ensure that the proper transfer mechanisms are in place.
On November 17, 2021, the Department of Defense (DoD) published an advanced notice of proposed rulemaking in connection with announced changes to the Cybersecurity Maturity Model Certification (CMMC) for the defense industrial base, styled “CMMC 2.0.”
In a Notice of Inquiry, the FCC is requesting public comment in a proceeding that will help determine the scope and nature of regulation of the “Internet of Things” for the next several decades.
Personal information is one of the most valuable assets held by any organization. When dealing with employee benefits, the type of personal information managed is quite sensitive and, therefore, requires a heightened level of care and an increased value.
In Blackbaud Inc. Customer Data Security Breach Litigation, No. 3:20-mn-02972 (D.S.C. Aug. 12, 2021), a federal judge found that defendant, Blackbaud Inc. was subject to the CCPA despite its motion to dismiss asserting that it did not qualify as a “business” under the Act.
Schiff Hardin LLP is pleased to announce that Partner Adam Diederich has been named among Crain’s Chicago Business’ Notable Rising Stars in Law for 2021.
The Middle District of Pennsylvania recently rejected arguments that a report created in response to a data breach was protected as work-product and/or under attorney-client privilege because:
The Department of Labor (DOL) recently issued new guidance on best practices for maintaining cybersecurity in connection with ERISA plans (the Guidance).
Although the Connecticut legislature was not successful in passing a privacy law similar to those passed in California, Colorado and Virginia, on June 24, 2021, the “Act Incentivizing The Adoption Of Cybersecurity Standards For Businesses” (Public Act No. 21-119 ) (“Cybersecurity Standards Act”)
Colorado passes its own omnibus state privacy law. Although there are overlaps with the California and Virginia privacy laws, the Colorado Privacy Act has its own distinctions and variations, namely a longer cure period and an explicit ban on consent obtained through dark patterns.
Crippling data breaches and sophisticated ransomware attacks are increasingly common threats to modern businesses. Ransomware attacks can not only target confidential company data and data collected from customers but employee data as well.
The legislation updates the Children’s Online Privacy Protection Act (COPPA) by prohibiting internet companies from collecting personal information from anyone 13- to 15-years old without the user’s consent
In April 2021, the Second Circuit issued a decision recognizing an increased risk of future, unrealized identity theft or fraud as a basis for establishing Article III standing.
Join Jeff Blake, Managing Partner of Federal Compliance Solutions, Rick Moore, Managing Partner of Federal Compliance Solutions, and Stephanie Trunk, Health Care Partner at Arent Fox, for a Lunch & Learn
The California Consumer Privacy Act (CCPA) requires that the Attorney General establishes a recognizable and uniform opt-out logo or button to promote consumer awareness of the opportunity to opt-out of the sale of personal information.