By now, most of us have participated in at least one videoconference from the comfort of our homes, be it for a work meeting, a fitness class, or a virtual happy hour with friends across the country. Easing the transition from business-as-usual to social distancing and sheltering-in-place, these video communications platforms and apps have no

There is no doubt that we are generating, processing, and transferring more data RIGHT NOW than we ever have before.  It is almost certain that our data generation, processing and transmission is many, many times that today than it was this same time last week—not to mention last month—because of “work-around” efforts due to the

The number of actions to enforce the European Union’s General Data Protection Regulation (GDPR) against a wide range of companies continues to rise.  Germany, a country where privacy enjoys strong legal protection, is establishing itself as a favorite jurisdiction for enforcement of the GDPR.  And, not surprisingly, Facebook is one of the companies in the

The California Attorney General recently released modified CCPA guidance.  While the modified guidance offers additional examples for CCPA compliance and clarifies certain obligations, several open issues and ambiguities still remain. Below are highlights of the changes, and note that written comments are due by February 25, 2020.

Definitions: The modified guidance specify the

“Reasonable” appears several times in the California Consumer Privacy Act (CCPA), and most notably in the section on the private right of action for a data breach resulting from “a business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal

On February 3, 2020, Bernadette Barnes, a private resident of California (on behalf of herself and others similarly situated), brought the first data breach suit citing CCPA ever.  The suit named Hanna Andersson (company specializing in high end children’s apparel) and Salesforce.com (cloud technology service as a software (“SaaS”) company) as defendants, and brought claims

One notable difference between the California Consumer Privacy Act (CCPA) and Europe’s General Data Privacy Regulation (GDPR) is that only the latter provides the right for individuals to not be subjected to automated decision-making, including profiling, which has legal or other significant effects on that individual.

But, the CCPA still creates issues for covered entities