On October 7, 2020, an organization named Global Privacy Control (“GPC”) issued a press release announcing an initiative to make a new “global privacy control” available to consumers as contemplated by the CCPA Regulations. As analyzed in prior advisories, the CCPA Regulations appear to revive the possibility for Do Not Track technology, albeit in the […]
Regulation
SEC Focused on Protecting Customer Accounts from Credential Stuffing Attacks
OCIE has released a risk alert regarding credential stuffing in the context of compliance with Regulation S-P and Regulation S-ID, and is encouraging firms to both (i) review and update their policies and procedures to address the risks associated with credential stuffing and (ii) consider proactive outreach to customers regarding measures taken to safeguard their […]
California Mandates COVID Exposure and Outbreak Reporting to Employees, Government Agencies
On Thursday, September 17, 2020, California Governor Gavin Newsom signed Assembly Bill 685 (“AB685”) into law. AB685 amends a number of portions of California’s Labor Code to address the COVID-19 pandemic. In addition to provisions that regulate reopening activities at California worksites, AB685 introduces two new COVID-related notification obligations for California employers: (1) a requirement […]
Final CCPA Regulations Approved, Effective Immediately
On Friday, August 14, 2020, the California Office of Administrative Law (OAL) approved the California Office of the Attorney General’s (OAG) Final CCPA Regulations (the “Regulations”) and filed them with California Secretary of State. The Regulations became effective immediately. The OAL-approved Regulations contain several modifications from prior versions. While many of the changes are purely […]
EDPB Guidance on the Schrems II Ruling: An Early Response to the Cry for Clarity
(This blog post summarizes Wim Nauwelaerts’ (Alston & Bird), Early EDPB Guidance in the Wake of Schrems II – Where E.U.-U.S. Data Transfers Are Headed, Cybersecurity Law Report, Aug. 5, 2020) On July 23, 2020, the European Data Protection Board (EDPB) adopted its first set of guidelines on the Schrems II judgment of the Court […]