Tax-exempt organizations must become increasingly aware of the regulatory landscape in which they operate. In this ACC Docket article, Lakshmi Sarma-Ramani, a Member with our Washington D.C.-based team, provides an overview of state oversight areas that carry registration or reporting requirements.
U.S. companies handling the personal data of EU residents should now be familiar with the requirements of the General Data Protection Regulation (GDPR), the new data protection law covering all countries in the EU, which went into effect on May 25, 2018. News about the GDPR has been plentiful, including Outside GC’s own alerts. However, compliance with EU privacy laws does not end with this regulation. There are other EU legislations covering privacy matters outside of the GDPR, such as the E-Privacy Directive 2002/58/EC of 2002 (a/k/a the “Cookies Directive”) and the “national derogations” of individual EU member state laws which impose additional responsibilities for U.S. companies that use the personal data of its residents as part of their business activities.
New York legislators have recently taken significant steps towards strengthening the sexual harassment laws in both the state and New York City. Employers in these areas should familiarize themselves with the state’s and the city’s new legal requirements and begin immediately to prepare for compliance.
The future of the EU-U.S. Privacy Shield data-sharing arrangement is shaky at best. On June 12, 2018, a resolution was passed by the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs (LIBE) calling for the suspension of the Privacy Shield, unless the U.S. demonstrates full compliance with the requirements of the program by September 1, 2018. And today, following the recommendation of the LIBE, Parliament itself voted 303 to 223 (with 29 abstentions) in favor of suspension “unless the U.S. is fully compliant” by September 1st.
The European Parliament took this action in response to a number of recent data breaches affecting Privacy Shield Certified-U.S. companies, causing concern over the effectiveness of the regulatory oversight of the framework, as well as well as over the sufficiency of the Shield’s certification requirements which are designed to protect the personal data of EU residents. If suspended, certified U.S. companies will no longer be able to leverage the benefits afforded to them by the Privacy Shield, forcing them to find new compliance mechanisms by which to transfer data from the EU in order to satisfy the requirements of the GDPR.
Starting your own business can be a mammoth undertaking, especially when it comes to managing expenses while working (often tirelessly) to build momentum, and eventually, a revenue stream. Many new business owners grapple with the right time to hire an attorney. Although the thought of engaging an attorney from Day 1 may seem cost-prohibitive, it is a smart business decision even for the smallest companies. Of course, you’ll want a lawyer who is fairly-priced and efficient, and who has experience working with startups.
The Massachusetts Act to Establish Pay Equity (“MEPA”) takes effect on July 1, 2018. The goal of the new law is to reduce pay differentials among men and women doing comparable work. The penalties for violating the new law include back wages, benefits and other compensation, and attorney’s fees. For an overview of MEPA, please see Part I of this two-part series on MEPA.
Introductory note: In addition to my role as on-demand general counsel at Outside GC, I am also the co-founder of Public Safety Network, a new firm providing business and operational expertise to established and start-up companies entering the public safety tech market which has been recently accelerated by the creation of FirstNet, the independent government authority responsible for bringing the first nationwide prioritized broadband wireless network to public service professionals. In the below article, I've shared some key principles on how to empower your workforce. Not only have these principles defined my approach throughout my management career, but they continue to guide my experience as a member of Outside GC's team, and lie at the core of the legal and business advice I provide to all of my clients so as to maximize desired business outcomes. I hope you enjoy! Jason
Complying with the EU’s New Data Privacy Law
On May 25, 2018, the European Union (EU)'s General Data Protection Regulation (GDPR) comes into force, broadening the scope of privacy obligations for companies doing business in or with Europe. The GDPR applies to all businesses that collect and use personal information of EU residents, including organizations located outside the EU.
U.S. companies, including Data Processors in the United States, may be subject to the GDPR if they offer products or services to EU residents or if they monitor the behavior of such residents even if they do not have a physical presence in the EU.
