Is Your Business Ready for the Most Stringent Privacy Law in the U.S.?

The California Consumer Privacy Act of 2018 (“CCPA”) creates new compliance obligations and operational challenges for companies doing business in California, effective January 1, 2020. Given the broad reach of the law, the CCPA may have significant impact on entities that collect and process personal data.

The CCPA grants California residents new rights regarding their personal information and imposes various data protection duties on certain entities conducting business in California. The CCPA is considered the most stringent privacy law in the United States. The Act’s requirements include, but are not limited to:

  • Disclosing data collection, data use and data sharing practices to consumers;
  • Complying with a consumer’s requests to opt-out

    Read More


Countdown to May 25, 2018: Are You Ready for GDPR?

By Elizabeth Hinson and Alexander P. Woollcott

On May 25, 2018, the General Data Protection Regulation (GDPR), the European Union’s new data privacy and protection law, goes into effect.   The most striking aspect of GDPR is that it applies not only inside the European Union but anywhere personal data of individuals located in the EU is being used or accessed.  If that does not catch your attention, the fines for non-compliance – up to 4% of global revenue – certainly should.

Even at this late date, many companies are not close to being in full compliance with GDPR.  This Article addresses some

Read More


TAG Southeastern Software Association: MegaTrends – Nov. 9th

November 9th, 2016
Data Security-Privacy

Join the TAG Southeastern Software Association and a panel of industry experts, including MMM’s Alex Woollcott, for the annual forum on the impact of emerging issues and trends in the software industry.

This conference will examine the two issues of the need for computer security versus the requirement to protect privacy of data and people’s information.

In today’s world, information security is a very significant issue technically and from

Read More


Brexit and EU Privacy

June 28th, 2016
Data Security-Privacy

By Paul Arne

The decision of the United Kingdom to leave the European Union certainly has raised a large number of questions about what things will look like both when and before the dust settles. One issue that will need to be resolved relates to personal privacy. After exit from the EU, will the UK’s laws related to privacy allow personal data to be sent from the EU to the UK? What will the UK require for data transfers to the U.S.?

Currently, protecting the privacy of personal information is mostly governed by the EU’s “Data Directive” (Directive 95/46/EC). 

Read More


Status of the EU-US Privacy Shield Framework

April 26th, 2016
Data Security-Privacy

The eagerly awaited successor to the defunct EU US Safe Harbor Framework for transfer of personal data of EU citizens into the United States was approved by regulators from the United States and the European Union (EU) on February 2, 2016.  The new framework, however, does not become effective until approved by the EU member states.

The new framework – known as the “EU-U.S. Privacy Shield Framework” — was designed by U.S. and EU regulators to provide a framework for transfer of personal data from the EU to the United States that supported transatlantic commerce while giving significantly stronger

Read More


European Court of Justice invalidates US-EU Safe Harbor program – How to continue transferring data in light of ruling

On October 6, 2015, the European Court of Justice (“ECJ”) invalidated the US-EU Safe Harbor Framework (“Safe Harbor”). This ruling will have far-reaching consequences. The Safe Harbor allowed U.S. companies to receive EU citizens’ personal data from the EU if the U.S. companies complied with the Safe Harbor requirements.  The Safe Harbor greatly facilitated the transfer of private personal data from the EU to the U.S. by avoiding the necessity of U.S. organizations having to comply with the much stricter EU Data Protection Directive and by allowing the U.S. Federal Trade Commission and Department of Transportation to enforce

Read More


Data Security & Corporate Governance: What Is The Individual Liability Of Officers & Directors?

by Larry Kunin, Partner and Chair of MMM Data Security & Breach Practice
     Brian Levy, Associate and Member of MMM Data Security & Breach Practice

A lot has been publicized regarding the need for data security, and the damages and tasks that face a company when a breach happens.  What about the individual liability officers and directors?   Do they face an individual legal obligation to ensure the data breach risks are at a minimum?  Do they face ultimate liability?

Officers and directors have a fiduciary duty to their corporations, including using competent business judgment, exercising good faith,

Read More


California Amends Data Security Breach Notification Law

February 12th, 2015
Data Security-Privacy

by Larry Kunin and Patrick McKenzie

Continuing a growing nationwide trend in adopting more stringent data breach laws, California recently amended its security breach notification law—California Civil Code Section 1798 et. seq.—effective January 1, 2015. While this law applies to companies doing business in California, companies in other states that have an office in California will also have to comply.  Minnesota and Florida also amended data security laws over the past several months in response to highly publicized data breaches such as the one involving Target.

The California security breach notification law requires persons or businesses that own

Read More


SEC Pushes Cybersecurity Awareness with OCIE Cybersecurity Initiative

On April 15, 2014, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert (the “Risk Alert”) pertaining to its initiative to assess cybersecurity preparedness in the securities industry. The OCIE willbe conducting examinations of more than 50 registered broker-dealers and registered investment

Cyber Security Updateadvisors, focusing on areas related to cybersecurity. This initiative is designed to assess cybersecurity preparedness in the securities industry and to obtain information about the cyber threats that have recently affected the industry. C-level executives, in-house counsel, security officers and risk management officers should

Read More


MMM Announces Data Security & Breach Practice

data security practiceAtlanta, April 8, 2014 – Morris, Manning & Martin, LLP has formed a Data Security & Breach Practice to address the myriad of legal issues companies and organizations face with respect to data privacy and security issues. The number of data breach incidents has increased exponentially in the past few years and promise to continue their upward trajectory. Given the costs associated with a data breach or cyber-attack, either in real dollars or in terms of reputational damage, companies need law firms with significant regulatory, risk management and

Read More