The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use

After Europe blazed the trail by passing the sweeping General Data Protection Regulation (“GDPR”) in 2016, California followed closely in the footsteps of European efforts by passing the most comprehensive data privacy law in the United States, the California Consumer Privacy Act (the “CCPA”). Effective January 1, 2020, the CCPA provided a number of obligations

GT Shareholders Gretchen A. Ramos and Darren Abernethy will lead a webinar hosted by the Association of Corporate Counsel titled “Website and Mobile App Compliance Under the CPRA and New State Privacy Laws Effective in 2023” Oct. 6 at 11 a.m. PDT.

Starting Jan. 1, 2023, the California Privacy Rights Act and the CPRA

GT Shareholder Timothy A. Butler will deliver a “Regulatory Roundup” during a meeting for industry members at the Money Transmitter Regulators Association (MTRA) 2022 Annual Conference in Fort Worth, Texas. The presentation, beginning Sept. 20 at 1:15 p.m., will address how money services businesses (MSBs) can comply with the ever-changing set of data privacy

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company

Tim Butler, a shareholder in GT’s Data, Privacy & Cybersecurity Practice, participated in the 2022 LEND360 Conference in Chicago. Tim was a panelist on the presentation “Data Ownerships and Security,” including a breakout session titled “The Road Forward for Banks and Fintech,” on Sept. 14, 2022.

Amid new innovations in the

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
  • Background. Company A transmits personal data to its processor Company Z, and then instructs its processor to onward transfer the personal

Some modern data privacy statutes require organizations to consider and document privacy-related risks regarding certain types of processing activities. These assessments are sometimes referred to as “data protection assessments” or “data protection impact assessments” (generically a DPIA). DPIAs are intended to make an organization identify and weigh the benefits that may flow from processing personal

Some modern data privacy statutes require organizations to consider and document privacy-related risks regarding certain types of processing activities. These assessments are sometimes referred to as “data protection assessments” or “data protection impact assessments” (generically a DPIA). For example, several state data privacy statutes mandate that a DPIA be conducted if an organization intends to

Recent developments from the ANPD provide insight into the path ahead.  

On July 7, 2022, Brazil’s National Data Protection Authority (ANPD) published its semiannual Regulatory Agenda Monitoring Report. This report updated the public on the current status of the ANPD’s regulatory agenda. With the comment period for regulations on international data transfers officially closing June