Is Your Business Ready for the Most Stringent Privacy Law in the U.S.? May 30th, 2019cybersecurity, Data Security-Privacy, Resources & Tools The California Consumer Privacy Act of 2018 (“CCPA”) creates new compliance obligations and operational challenges for companies doing business in California, effective January 1, 2020. Given the broad reach of the law, the CCPA may have significant impact on entities that collect and process personal data. The CCPA grants California residents new rights regarding their personal information and imposes various data protection duties on certain entities conducting business in California. The CCPA is considered the most stringent privacy law in the United States. The Act’s requirements include, but are not limited to: Disclosing data collection, data use and data sharing practices to consumers;Complying with a consumer’s requests to opt-out of Read More
Countdown to May 25, 2018: Are You Ready for GDPR? May 15th, 2018Data Security-Privacy, Recent Legal News, Tech Industry News data, GDPR, Privacy/Security, technology By Elizabeth Hinson and Alexander P. Woollcott On May 25, 2018, the General Data Protection Regulation (GDPR), the European Union’s new data privacy and protection law, goes into effect. The most striking aspect of GDPR is that it applies not only inside the European Union but anywhere personal data of individuals located in the EU is being used or accessed. If that does not catch your attention, the fines for non-compliance – up to 4% of global revenue – certainly should. Even at this late date, many companies are not close to being in full compliance with GDPR. This Article addresses some Read More
TAG Southeastern Software Association: MegaTrends – Nov. 9th November 9th, 2016Data Security-Privacy Events Join the TAG Southeastern Software Association and a panel of industry experts, including MMM’s Alex Woollcott, for the annual forum on the impact of emerging issues and trends in the software industry. This conference will examine the two issues of the need for computer security versus the requirement to protect privacy of data and people’s information.In today’s world, information security is a very significant issue technically and from Read More
Brexit and EU Privacy June 28th, 2016Data Security-Privacy By Paul Arne The decision of the United Kingdom to leave the European Union certainly has raised a large number of questions about what things will look like both when and before the dust settles. One issue that will need to be resolved relates to personal privacy. After exit from the EU, will the UK’s laws related to privacy allow personal data to be sent from the EU to the UK? What will the UK require for data transfers to the U.S.? Currently, protecting the privacy of personal information is mostly governed by the EU’s “Data Directive” (Directive 95/46/EC). Read More
Status of the EU-US Privacy Shield Framework April 26th, 2016Data Security-Privacy The eagerly awaited successor to the defunct EU US Safe Harbor Framework for transfer of personal data of EU citizens into the United States was approved by regulators from the United States and the European Union (EU) on February 2, 2016. The new framework, however, does not become effective until approved by the EU member states. The new framework – known as the “EU-U.S. Privacy Shield Framework” — was designed by U.S. and EU regulators to provide a framework for transfer of personal data from the EU to the United States that supported transatlantic commerce while giving significantly stronger Read More
European Court of Justice invalidates US-EU Safe Harbor program – How to continue transferring data in light of ruling October 8th, 2015Data Centers, Data Security-Privacy, International On October 6, 2015, the European Court of Justice (“ECJ”) invalidated the US-EU Safe Harbor Framework (“Safe Harbor”). This ruling will have far-reaching consequences. The Safe Harbor allowed U.S. companies to receive EU citizens’ personal data from the EU if the U.S. companies complied with the Safe Harbor requirements. The Safe Harbor greatly facilitated the transfer of private personal data from the EU to the U.S. by avoiding the necessity of U.S. organizations having to comply with the much stricter EU Data Protection Directive and by allowing the U.S. Federal Trade Commission and Department of Transportation to enforce Read More
Data Security & Corporate Governance: What Is The Individual Liability Of Officers & Directors? March 17th, 2015Data Centers, Data Security-Privacy Cybersecurity, Data Breach by Larry Kunin, Partner and Chair of MMM Data Security & Breach Practice Brian Levy, Associate and Member of MMM Data Security & Breach Practice A lot has been publicized regarding the need for data security, and the damages and tasks that face a company when a breach happens. What about the individual liability officers and directors? Do they face an individual legal obligation to ensure the data breach risks are at a minimum? Do they face ultimate liability? Officers and directors have a fiduciary duty to their corporations, including using competent business judgment, exercising good faith, Read More
California Amends Data Security Breach Notification Law February 12th, 2015Data Security-Privacy by Larry Kunin and Patrick McKenzie Continuing a growing nationwide trend in adopting more stringent data breach laws, California recently amended its security breach notification law—California Civil Code Section 1798 et. seq.—effective January 1, 2015. While this law applies to companies doing business in California, companies in other states that have an office in California will also have to comply. Minnesota and Florida also amended data security laws over the past several months in response to highly publicized data breaches such as the one involving Target. The California security breach notification law requires persons or businesses that own Read More
SEC Pushes Cybersecurity Awareness with OCIE Cybersecurity Initiative June 20th, 2014Data Security-Privacy MMM Articles On April 15, 2014, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert (the “Risk Alert”) pertaining to its initiative to assess cybersecurity preparedness in the securities industry. The OCIE willbe conducting examinations of more than 50 registered broker-dealers and registered investment advisors, focusing on areas related to cybersecurity. This initiative is designed to assess cybersecurity preparedness in the securities industry and to obtain information about the cyber threats that have recently affected the industry. C-level executives, in-house counsel, security officers and risk management officers should Read More
MMM Announces Data Security & Breach Practice April 9th, 2014Data Security-Privacy, Events & Associations Atlanta, April 8, 2014 – Morris, Manning & Martin, LLP has formed a Data Security & Breach Practice to address the myriad of legal issues companies and organizations face with respect to data privacy and security issues. The number of data breach incidents has increased exponentially in the past few years and promise to continue their upward trajectory. Given the costs associated with a data breach or cyber-attack, either in real dollars or in terms of reputational damage, companies need law firms with significant regulatory, risk management and Read More