Supporters of Proposed California Consumer Privacy Act Submit Necessary Signatures for Ballot Inclusion

Earlier this month, supporters of a proposed California data privacy initiative known as The California Consumer Privacy Act of 2018 (the “Act”) announced that they had collected 625,000 signatures for the initiative’s inclusion in the state’s November ballot. The number of collected signatures well exceeds the 365,880 count necessary under state regulations for inclusion of a… Continue reading Supporters of Proposed California Consumer Privacy Act Submit Necessary Signatures for Ballot Inclusion

SEC Announces $35 Million Penalty for Yahoo Breach

The Securities and Exchange Commission today announced that Altaba, formerly known as Yahoo! Inc., agreed to pay a $35 million penalty arising out of a December 2014 data breach that affected hundreds of millions of user accounts. The SEC found that Yahoo misled investors by failing to report the data breach to the public until… Continue reading SEC Announces $35 Million Penalty for Yahoo Breach

GDPR Non-Compliance: Enforcement and Penalties

The GDPR sets out a new investigation and enforcement scheme for supervisory authorities that contains both enumerated and discretionary powers. Supervisory authorities will now possess broad investigative and enforcement powers, including the ability to issue penalties to data controllers and processors for non-compliance. Depending on the type of violation, these penalties can be severe. The… Continue reading GDPR Non-Compliance: Enforcement and Penalties

GDPR and the Privacy Shield

As we previously discussed, the GDPR sets forth new regulations governing the cross-border transfer of personal data. For U.S. companies that might fall within the GDPR’s scope, one particular concern regarding cross border data transfers is how the GDPR affects the applicability and enforcement of the EU–U.S. Data Privacy Shield, which is the current mechanism… Continue reading GDPR and the Privacy Shield

The GDPR and Special Category Data

The GDPR articulates certain principles governing the processing of personal data, which is broadly defined to include any information that can be used to directly or indirectly identify a particular person. Beyond these general provisions however, the GDPR, like its predecessor the Data Protection Directive, enumerates certain restrictions and requirements for the processing of certain… Continue reading The GDPR and Special Category Data

The GDPR’s Territorial Scope

The GDPR represents a complete overhaul to the EU’s current privacy framework. The GDPR is intended to have broader and more comprehensive rules regarding the processing, use, and storage of personal data than the EU’s prior Data Protection Directive 95/46/EC. More importantly, unlike the Data Protection Directive the GDPR will not require transposition into legislation… Continue reading The GDPR’s Territorial Scope

The DOJ Announces the Creation of a New Cybersecurity Task Force

On Tuesday, Attorney General Jeff Sessions announced that the Department of Justice would create a “Cyber-Digital Task Force” designed to investigate and identify ongoing global cybersecurity threats. According to a press release issued by the Justice Department, the proposed task force would prioritize its efforts on specific areas of cybersecurity risk, including efforts to interfere… Continue reading The DOJ Announces the Creation of a New Cybersecurity Task Force