Regulation

New Privacy Browser Extension Released under CCPA Global Do Not Sell Rules

October 8, 2020 By Daniel Felz and Aaron Wasser

On October 7, 2020, an organization named Global Privacy Control (“GPC”) issued a press release announcing an initiative to make a new “global privacy control” available to consumers as contemplated by the CCPA Regulations. As analyzed in prior advisories, the CCPA Regulations appear to revive the possibility for Do Not Track technology, albeit in the […]

SEC Focused on Protecting Customer Accounts from Credential Stuffing Attacks

September 24, 2020 By Kate Hanniford

OCIE has released a risk alert regarding credential stuffing in the context of compliance with Regulation S-P and Regulation S-ID, and is encouraging firms to both (i) review and update their policies and procedures to address the risks associated with credential stuffing and (ii) consider proactive outreach to customers regarding measures taken to safeguard their […]

California Mandates COVID Exposure and Outbreak Reporting to Employees, Government Agencies

September 23, 2020 By Aaron Wasser and Daniel Felz

On Thursday, September 17, 2020, California Governor Gavin Newsom signed Assembly Bill 685 (“AB685”) into law. AB685 amends a number of portions of California’s Labor Code to address the COVID-19 pandemic. In addition to provisions that regulate reopening activities at California worksites, AB685 introduces two new COVID-related notification obligations for California employers: (1) a requirement […]

Final CCPA Regulations Approved, Effective Immediately

August 18, 2020 By Daniel Felz and Aaron Wasser

On Friday, August 14, 2020, the California Office of Administrative Law (OAL) approved the California Office of the Attorney General’s (OAG) Final CCPA Regulations (the “Regulations”) and filed them with California Secretary of State. The Regulations became effective immediately. The OAL-approved Regulations contain several modifications from prior versions. While many of the changes are purely […]

EDPB Guidance on the Schrems II Ruling: An Early Response to the Cry for Clarity

August 5, 2020 By Wim Nauwelaerts, Yung Shin Van Der Sype and Paul Greaves

(This blog post summarizes Wim Nauwelaerts’ (Alston & Bird), Early EDPB Guidance in the Wake of Schrems II – Where E.U.-U.S. Data Transfers Are Headed, Cybersecurity Law Report, Aug. 5, 2020) On July 23, 2020, the European Data Protection Board (EDPB) adopted its first set of guidelines on the Schrems II judgment of the Court […]