Privacy & Security Law Blog
In today’s world, where companies are collecting, using, and sharing personal information on an unprecedented scale, honoring consumers’ choices about how data is used and disclosed and securing personal data from unauthorized disclosure are critical. We have been pioneers in the dynamic area of privacy and security law, serving highly regulated industries, such as communications, healthcare and financial services, for decades. As privacy and information security requirements have evolved to extend beyond these historically regulated industries to apply to virtually every business organization, we have expanded our counseling to advise companies in other industry sectors, such as technology, media, entertainment, retail, advertising, and more.
Our core Privacy and Security team counsels clients regarding internal employee information, consumer-facing requirements associated with marketing and payments, protecting companies from cyber-attacks, cross-border data transfers, vendor management, due diligence in the context of mergers and acquisitions, and more.
This resource is intended to provide regular updates and commentary with respect to this multifaceted field, from a legal perspective. As detailed in the Disclaimer, we are not providing specific legal advice; for that, our firm can provide an array of legal services that may interest you. We hope to provide a one-stop source of important news and information about privacy and security for your perusal. Please bookmark us or subscribe to our RSS feed, and feel free to contact us if you have any comments or suggestions.
With its first-mover advantage and large economy, California is at the forefront of privacy legislation in the United States. As privacy laws are adopted in California, they become the de facto national standard and create legal pitfalls for businesses across the country.
The next evolution of California privacy law is the California Privacy Rights Act (CPRA), also known as Proposition 24, which transforms the short-lived California Consumer Privacy Act (CCPA) into a more holistic, but technically complicated, statute. Moreover, with the CPRA creating a new mandate for rulemaking, monitoring developments and operationalizing new obligations promises to be a constant task for the next two years and beyond.
California's evolving privacy law has been on our legal radar from the very start. DWT's Privacy and Security practice is laser-focused on giving you straightforward, actionable advice to help you comply and hopefully avoid costly litigation.
- Applies to California for-profit businesses that process the personal information of California residents and meet certain thresholds.
- Passed November 3, 2020, effective January 1, 2023. Enforcement begins on July 1, 2023. The CCPA and its implementing regulations remain in effect until January 1, 2023.
- Creates an entirely new regulatory agency, the California Privacy Protection Agency, which has concurrent enforcement authority with the California Attorney General. The CPRA's implementing regulations are scheduled to be finalized July 1, 2022.
- Requires businesses to implement reasonable security measures, minimize the personal information they process, and respond to an expanded set of consumer rights: access, deletion, and correction of personal information; limitation of the business's use of sensitive personal information; and opt out of "sale" or "sharing" of personal information.
- Maintains the CCPA's private right of action with statutory damages for victims of a data breach involving personal information (as defined in California's data breach notification law) due to a business's failure to implement reasonable security.