Data Breach: Is Your Forensic Report Privileged?

Laptop Data TransferA financial institution has asked a Virginia federal court to overturn a magistrate judge’s order to disclose its forensic report, detailing its 2019 data breach.  If your company experiences a data breach, it is imperative to immediately retain outside counsel who understands the nuances of cybersecurity events and attorney work product privileges.  Here we provide the following practical takeaways: Continue Reading

Complimentary Webinar: Privacy and Employee Surveys in Germany

Maintaining a positive and productive work environment helps retain valued employees and aids in recruiting new talent, ultimately saving costs and providing an advantage over competitors. To monitor employee satisfaction organizations are increasingly turning to conducting workplace surveys.

On June 16, 2020 at 4:00p CEST  Annette Demmel and Tarek Hajj-Khalil of our Data Privacy & Cybersecurity team will discuss what companies should consider when implementing and conducting employee surveys in order to be in line with applicable data protection laws, in particular the GDPR.

They will explain the different legal bases for acquiring employee feedback; which information has to be given to the employees prior or during a survey; what needs to be taken into account when survey results are being evaluated; as well as how to avoid unnecessary risks in this context.

Additional information and registration is available here.

1.0 hour CLE available for CA, NJ and NY

1.0 hour CPE (IAPP).

California Attorney General Submits Final Proposed Regulations and Accompanying Materials

CCPA-California-Consumer-Privacy-ActAfter months of waiting, on June 1, 2020, the California Office of the Attorney General (“AG”) unveiled the final proposed California Consumer Privacy Act (“CCPA”) regulations, which are unchanged from the last version circulated in early March 2020 (summarized here).  The AG also published extensive materials, including more than 500 pages of responses to public comments, that provide a wealth of (non-binding) guidance on tricky issues.  Finally, the AG requested the Office of Administrative Law to expedite its review to make the regulations effective July 1, 2020, but it is unclear whether that will occur. Continue Reading

EU and National Guidance and Approaches to Contact Tracing Apps

In considering methods to relax the COVID-19 lockdown measures and revive the economy, while at the same time containing the spread of the virus, the EU and national EU governments have been actively pursuing the development and use of contact tracing apps.

To be effective, any contact tracing app would require the majority of the population to use it. Of course, there are reservations about the overall benefit of such an app as a means of responding to the COVID-19 crisis (among others because it may lead to false positives or negatives, the technology may be unable to distinguish between people in crowded places, as well as because of the possible abuse of the data). Continue Reading

COVID-19: Key Privacy Concerns Raised by the UK’s “Back-to-Work” COVID-19 Safety Measures

Consulting helpAs businesses in the UK begin to re-open, as the lockdown lifts, they must ensure that they have effective measures in place to combat the spread of the virus within their workplace. This may include physical measures, such as the use of personal protective equipment and restructuring the office or site to enable social distancing. It may also include measures such as the use of temperature testing or thermal imaging cameras, rolling out a ‘track and trace’ app to employees or testing employees for the virus, all of which raise data privacy issues, as they involve the processing of ‘personal data’, which is governed by strict data protection laws. Continue Reading

EasyJet Cyber-Attack: How to Avoid an Easy Hack

Padlock on PaperworkA cyber-attack on budget airline EasyJet that has resulted in the exposure of the email addresses and flight details of 9 million of its customers and the credit card details of 2,208 of them is a reminder to all of the vulnerabilities, risks and obligations in relation to personal data.

Two years on from the General Data Protection Regulation (GDPR), Data Protection Act 2018 (DPA), and the Network and Information Systems Regulations 2018 (NIS) coming into force, there is an expectation that cybersecurity programmes exist in organisations to protect data.  Implementation of programmes that adequately protect against potential attackers and ensure compliance with the GDPR, DPA and NIS remains a key challenge faced by businesses operating in the UK and beyond. Continue Reading

Use of Digital Health Passports in the Live Entertainment Industry

If you are interested in learning more about the data privacy issues associated with digital health passports in the live entertainment sector, please read, Francesca Fellowes and Emma Yaltaghian’s post,  Are Digital Health Passports the Key to Unlocking UK Stadiums? The data privacy perspective, published in our sister blog, Sports Shorts.