- BLOG -

Headquarters

501 Boylston Street, 10th Floor

Boston, MA 02116

(617)-737-5000

info@outsidegc.com

ON-DEMAND INSIGHTS

Understanding the CCPA: Key Provisions and Readiness Checklist

November 4, 2019 at 8:15 AM - compliance

A first of its kind in the U.S., the California Consumer Privacy Act of 2018 (CCPA) is shaping up to be one of the most ambitious pieces of privacy legislation in the world, and with 17 additional states so far following its lead, data privacy protection is finally having its day in the United States. Effective January 1, 2020, the CCPA will become enforceable as early as next spring. More specifically, the Act will be enforced on the earlier of either July 1, 2020 or 6 months from the date of issuance of the final regulations, following the California Attorney General’s enforcement guidelines (expected mid-September).

New York's SHIELD Act Bolsters Data Security

September 5, 2019 at 11:26 AM - personal data

It didn’t take long for other states to follow California’s lead in pursuing rigorous data privacy protections for their residents. Although New York was unsuccessful in passing its own version of the California Consumer Protection Act (CCPA) this year, legislation expanding data breach notification protocols was signed into law by Governor Andrew Cuomo on July 25, 2019¹. The SHIELD Act (the Stop Hacks and Improve Electronic Data Security Act) signals a growing trend in the U.S. toward strengthening data privacy protections in the wake of high-profile data breaches through the adoption of more comprehensive and enforceable regulations.

Reading the Tea Leaves: What Do GDPR Enforcement Efforts Tell Us?

May 10, 2019 at 3:47 PM - compliance

Despite the global angst preceding the GDPR’s effective date, there’s been seemingly little news about enforcement efforts against noncompliant businesses. But the reality is that EU regulators have been very busy working behind the scenes. As of February 2019, nearly 100,000 claims under the GDPR have been lodged with EU national data protection authorities (“DPAs”), many relating to telemarketing and promotional e-mails. Similarly, just over 40,000 data breaches were reported to the DPAs, and 255 investigations into EU cross-border processing activities were initiated, mostly as a result of complaints filed by individuals.

GDPR National Derogations: The Next Phase of EU Privacy Compliance

July 24, 2018 at 4:29 PM - EU Laws

U.S. companies handling the personal data of EU residents should now be familiar with the requirements of the General Data Protection Regulation (GDPR), the new data protection law covering all countries in the EU, which went into effect on May 25, 2018. News about the GDPR has been plentiful, including Outside GC’s own alerts. However, compliance with EU privacy laws does not end with this regulation. There is other EU legislation covering privacy matters outside of the GDPR, such as the E-Privacy Directive 2002/58/EC of 2002 (a/k/a the “Cookies Directive”) and the “national derogations” of individual EU member state laws, which impose additional responsibilities for U.S. companies that use the personal data of its residents as part of their business activities.

The Likely Demise of the EU-U.S. Privacy Shield & Its Impact on U.S. Companies

July 5, 2018 at 2:58 PM - compliance

The future of the EU-U.S. Privacy Shield data-sharing arrangement is shaky at best. On June 12, 2018, a resolution was passed by the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs (LIBE) calling for the suspension of the Privacy Shield, unless the U.S. demonstrates full compliance with the requirements of the program by September 1, 2018. And today, following the recommendation of the LIBE, Parliament itself voted 303 to 223 (with 29 abstentions) in favor of suspension “unless the U.S. is fully compliant” by September 1st.

The European Parliament took this action in response to a number of recent data breaches affecting Privacy Shield-certified U.S. companies, causing concern over the effectiveness of the regulatory oversight of the framework, as well as over the sufficiency of the Shield’s certification requirements, which are designed to protect the personal data of EU residents. If the Privacy Shield is suspended, certified U.S. companies will no longer be able to leverage the benefits it affords them, forcing them to find new compliance mechanisms by which to transfer data from the EU in order to satisfy the requirements of the GDPR.

Outside GC is an innovative approach to legal services for growing and mature businesses. Companies who engage Outside GC fall into two main categories: (1) those without in-house counsel who need regular, on-going legal support but do not wish to hire a full-time in-house lawyer, and (2) those with in-house counsel who do not wish to add more full-time resources to their existing in-house staff. Contact us to speak to one of our on-demand attorneys.