European Data Protection Board Guidelines Clarify when Processing is an International Transfer under the GDPR
202112.02
0

European Data Protection Board Guidelines Clarify when Processing is an International Transfer under the GDPR

in Cross-Border Data Transfers, Data Security, GDPR

The European Data Protection Board (“EDPB”) has started a public consultation for new Guidelines. Although the Guidelines will not be legally binding, they do provide needed guidance regarding the interaction between GDPR art. 3 (addressing territorial scope of the GDPR) and chapter 5 (addressing transfers of personal data to third countries or international organizations).

Fey LLC Article on Nation State Hacking Published in Kansas Journal of Law & Public Policy
202110.19
0

Fey LLC Article on Nation State Hacking Published in Kansas Journal of Law & Public Policy

in Data Privacy, Data Security, Fey LLC News

The recent SolarWinds cyberattack, America’s “Cyber Pearl Harbor,” is a painful reminder of the vulnerability of government agencies, academia, for-profit corporations, and non-profit organizations to nation state cyberattacks.  Such cyberattacks against public and private sector organizations of all sizes are increasing in volume, sophistication, effectiveness, and covertness.  In their article America the Vulnerable: The Nation…

Newly Formed California Privacy Protection Agency Invites the Public to Comment on Proposed CPRA Rulemaking and Implementation
202110.09
0

Newly Formed California Privacy Protection Agency Invites the Public to Comment on Proposed CPRA Rulemaking and Implementation

in CPRA, Data Privacy, State Privacy Laws

On September 22, 2021, the newly formed California Privacy Protection Agency (“CalPPA”) released the Invitation for Preliminary Comments on Proposed Rulemaking Under the California Privacy Rights Act (“CPRA”) of 2020. CalPPA was established by the CPRA.  The CPRA provided CalPPA with full administrative power, authority, and jurisdiction to implement, enforce, and update the CPRA [1].

The New EU Standard Contractual Clauses Have Arrived: Next Steps for Compliance
202109.27
0

The New EU Standard Contractual Clauses Have Arrived: Next Steps for Compliance

in Cross-Border Data Transfers, Data Privacy, Data Security, GDPR

Starting today, the new EU standard contractual clauses (“SCCs”) officially replace the old SCCs for use as a GDPR-compliant transfer mechanism for EU personal data.  On June 4, 2021, the European Commission released its Implementing Decision on the final version of the new SCCs for the transfer of personal data to third countries.  The new…

Lessons Learned from the JBS and Kaseya Ransomware Attacks: 5 Preventative Steps to Help Avoid Becoming the Next Ransomware Victim
202108.06
0

Lessons Learned from the JBS and Kaseya Ransomware Attacks: 5 Preventative Steps to Help Avoid Becoming the Next Ransomware Victim

in Data Security

The “Meat” of the Issue On May 31, 2021, JBS Foods, the world’s largest meat supply, experienced a ransomware attack.  Then on July 2, 2021, along with other IT management companies, the major software supplier, Kaseya Ltd., also suffered a ransomware attack. These high-profile attacks signify the upward trend in the sophistication and frequency of…

Pegasus Spyware on Mobile Devices: Your Privacy and Security Risks
202107.21
0

Pegasus Spyware on Mobile Devices: Your Privacy and Security Risks

in Data Security

What Happened? Amnesty International, with assistance from Forbidden Stories, has uncovered a wave of “zero-click” and other spyware attacks that have compromised thousands of iPhones and Android mobile devices. These spyware attacks have targeted journalists, government officials, and activists across the globe, using Israeli technology firm NSO Group’s highly sophisticated and military-grade Pegasus spyware. While…

European Commission Deems the UK as an Adequate Jurisdiction
202106.28
0

European Commission Deems the UK as an Adequate Jurisdiction

in Cross-Border Data Transfers, Data Privacy, GDPR

On June 28, 2021, the European Union (“EU”) Commission (“European Commission”) adopted two adequacy decisions for cross-border data transfers from EU and EEA member states to the United Kingdom (UK) – one under the General Data Protection Regulation (GDPR) and the other for the Law Enforcement Directive. The European Commission found that the UK’s implementation of GDPR-based data…

Data Trans(Atlantic)fer: Enhanced EU-U.S. Privacy Shield Framework Negotiations Heating Up
202103.30
0

Data Trans(Atlantic)fer: Enhanced EU-U.S. Privacy Shield Framework Negotiations Heating Up

in Cross-Border Data Transfers, GDPR, Privacy Shield

On Thursday, March 25, 2021, U.S. Secretary of Commerce Gina Raimondo and European Commissioner for Justice Didier Reynders released a joint press statement regarding the intensifying negotiations on an “enhanced” EU-U.S. Privacy Shield framework to comply with the Schrems II decision.  The press release emphasized their “shared commitment to privacy, data protection and the rule…

Virginia Joins the Data Privacy Party: Introducing the VCDPA
202103.12
0

Virginia Joins the Data Privacy Party: Introducing the VCDPA

in State Privacy Laws

Proposed state data privacy laws are springing up across the country as states race to enact comprehensive data privacy laws and regulations. California passed the highly anticipated California Consumer Privacy Act (CCPA) in 2018.  This November, the state significantly amended the CCPA when state voters passed the California Privacy Rights Act (CPRA), which goes into…

Data Privacy Day 2021
202101.28
0

Data Privacy Day 2021

in CCPA, Data Privacy, Data Security, GDPR, Information Governance

Today is Data Privacy Day, an annual international event to raise awareness about the importance of safeguarding data and the promotion of data protection and privacy best practices.  In honor of Data Privacy Day, we are providing our followers with links to three of our most popular data protection and privacy checklists: