Data Privacy
Subscribe to Data Privacy's Posts

Privacy Considerations for COVID-19 Digital Contact Tracing

Generally, contact tracing refers to an effort by public health officials to identify individuals with whom a patient who has tested positive for an infectious disease has been in close proximity. Public health officials will inform these individuals that they were exposed to a contagious patient and encourage them to monitor their symptoms and quarantine for a period of time. In response to COVID-19, governments around the world have explored using digital contact tracing, by which smartphone users download an application (app) to enable public health officials to track infected individuals’ contacts. In addition, private sector companies are exploring how digital technologies can be used for contact tracing on employees as they reenter the workplace. Click here to read the full article, and many more in our latest International News: Focus on Global Privacy and Cybersecurity.

Continue Reading

Uber Criminal Complaint Raises the Stakes for Breach Response

On August 20, 2020, a criminal complaint was filed charging Joseph Sullivan, Uber's former chief security officer, with obstruction of justice and misprision of a felony in connection with an alleged attempted cover-up of a 2016 data breach. These are serious charges for which Mr. Sullivan has the presumption of innocence. At the time of the 2016 data breach, Uber was being investigated by the US Federal Trade Commission (FTC) in connection with a prior data breach that occurred in 2014. According to the complaint, the hackers behind the 2016 breach stole a database containing the personal information of about 57 million Uber users and drivers. The hackers contacted Uber to inform the company of the attack and demanded payment in return for their silence. According to the complaint, Uber's response was to attempt to recast the breach as a legitimate event under Uber's "bug bounty" program and pay a bounty. An affidavit submitted with the complaint portrays a...

Continue Reading

The Toughest Problem Set: Navigating Regulatory and Operational Challenges on University Campuses

When the academic year ended in the spring of 2020, many US university students assumed that a return to campus would be straightforward this fall. However, it is now clear—at least in the near term—that a return to the old “normal” will not be possible. Some universities have concluded that their best course of action is to offer only distanced learning for the time being. Other universities, however, are welcoming students back onto campus, and into residence and dining halls, classrooms, labs and libraries. Each of those universities is developing its own approach to retain the benefits of on-campus student life while reducing risk to the greatest extent possible; nevertheless, some have had to adjust their plans to pivot to remote learning when faced with clusters of positive cases on campus. One thing is clear: The fall semester will be a real-time, national learning laboratory. Because widespread, rapid testing remains unavailable in many locations,...

Continue Reading

Schrems II Special Report: What Does the CJEU’s Decision Mean for Transfers From the EEA to the US?

For our Schrems II Practical Guidance special report, members of McDermott’s internationally recognized Global Privacy & Cybersecurity group have outlined practical guidance and next steps to ensure your business is prepared for what’s next following the final ruling in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems. As your organization navigates the post-Schrems II landscape following the CJEU’s recent decision, consider McDermott your first point of call. We have deep experience advising global clients on compliance with the complex array of privacy and cybersecurity obligations affecting data that crosses borders or relates to foreign employees and individuals. Practical Guidance for Businesses (US Edition) Practical Guidance for Businesses (Global – EEA/UK Edition)

Continue Reading

Key Issues We’re Tracking as CCPA Enforcement Nears

Although 2020 has already provided more than its share of surprises for businesses, one thing appears to remain unchanged: the California attorney general’s commitment to enforcing the California Consumer Privacy Act beginning July 1, 2020. As companies work to ensure compliance with this legislation, we explore several key issues. No one will disagree that a lot has happened since the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Despite the Coronavirus (COVID-19) pandemic, the invasion of murder hornets and a number of other not-entirely pleasant surprises that 2020 has brought us thus far, it appears that the California attorney general is still committed to enforcing the CCPA starting on July 1, 2020. As your business prepares for CCPA enforcement, there are a number of issues to keep in mind: 1. The CCPA regulations still have not been finalized and are unlikely to take effect until October 2020. The attorney general’s...

Continue Reading

Importance of CCPA Compliance Highlighted by First Round of Private Actions

The first wave of California Consumer Privacy Act litigation has begun to roll in, and the complaints are already raising interesting questions about the scope of CCPA’s private right of action. The actions assert a variety of claims under numerous theories and present a broad range of potential risks to businesses subject to CCPA. In light of the many questions that surround CCPA’s private right of action, the extent of possible liability from private litigation is still largely unknown and potentially significant. The first wave of private lawsuits filed under the California Consumer Privacy Act (CCPA) has begun to roll in, and the complaints are already raising interesting questions about the scope of CCPA’s private right of action. The recent explosion in popularity of video conferencing and social media software in response to the COVID-19 pandemic—and the technical issues some of these products have experienced—has inspired its own wave of litigation,...

Continue Reading

New California Privacy Ballot Initiative Would Expand the CCPA

A proposed ballot initiative in California known as the California Privacy Rights Act, which is likely to pass if placed on the 2020 ballot, would both clarify and expand the existing California Consumer Privacy Act. Companies doing business in the state should closely monitor these developments and prepare for compliance, as we outline in this article. A California ballot initiative known as the California Privacy Rights Act (CPRA) would clarify and expand the California Consumer Privacy Act (CCPA), granting significant new rights to consumers and imposing additional liability risks on companies doing business in the state. The CPRA is an update to the California Privacy Rights and Enforcement Act (CPREA) ballot initiative, which was proposed in late 2019 by the Californians for Consumer Privacy, which also sought to broadly amend and prevent changes to the CCPA that would undermine its consumer protections. The proposed ballot initiative, submitted by the...

Continue Reading

Public Backlash Calls Use of Facial Recognition Systems into Question

In recent weeks and months, legal and technical issues related to use of facial recognition systems in the United States have received national attention, including concerns that the technology lacks accuracy in identifying non-white individuals and that its widespread use by police departments may play a role in racially discriminatory policing. Privacy considerations will play a key role in the ongoing debate over the future of facial recognition technology. Facial recognition systems (FRS) are automated or semi-automated technologies that analyze an individual’s features by extracting facial patterns from video or still images. FRS use attributes or features of an individual’s face to create data that can be used for the unique personal identification of a specific individual. FRS use has grown exponentially in recent years. In addition to widespread adoption by law enforcement agencies, FRS are also frequently used in retail, banking and security sectors,...

Continue Reading

Future Forward: Data Arrangements During and After COVID-19

The need for speedy and more complete access to data is instrumental for healthcare providers, researchers, pharmaceutical, biotech and device companies and public health authorities as they work to quickly identify infection rates, disease trends, outcomes, including antibodies, and opportunities for treatments and vaccines for COVID-19. A variety of data sharing and collaborations have emerged in the wake of this crisis, such as: Requests and mandates by public health authorities, either directly or via providers’ business associates requesting real time information on infections and bed and equipment availability Data sharing collaborations among providers for planning, anticipating and tracking COVID-19 caseloads Data sharing among providers, professional societies and pharmaceutical, biotech and medical device companies in search of testing options, treatment and vaccine solutions, and evaluation of co-morbidities CLICK HERE TO VIEW THE FULL...

Continue Reading

Washington State Takes the Lead in CCPA Copycat Legislation Race, Trends Emerge

Since the California Consumer Privacy Act (CCPA) took effect on January 1, 2020, “copycat” legislation has been introduced at a dizzying pace by state legislatures across the country. Taking their cues from CCPA, at last count 16 states have borrowed language from California’s watershed law regarding consumer notices, data subject rights requests, and definitions of “personal information, “sale” of data and other key items. The likely intent is to provide equal (or, in some cases, greater) protections to the residents of their states. As a practical matter, however, none of the proposed laws is identical to CCPA (nor to each other); some look to the EU General Data Protection Regulation (GDPR), and each takes a complex approach that requires careful reading. The proposed Washington Privacy Act (SB 6281) has been touted as the most comprehensive data protection law in the United States and combines elements of CCPA and GDPR, adding specific protections for...

Continue Reading

STAY CONNECTED

TOPICS

ARCHIVES