Photo of Kate Black

Kate Black’s practice focuses on data privacy, information protection, and commercial transactions in consumer technology, digital health, life sciences, and genetics. Kate provides companies with comprehensive, practical strategies for meeting their regulatory obligations while building and maintaining public trust and advancing innovative and emerging models of health care research and delivery. She’s managed every aspect of global privacy programs, including supervising privacy assessments, providing product strategy and counseling, managing complex vendor and partner agreements, and overseeing security policy audits for leading health technology companies. She regularly advises on proposed regulatory and legislative changes that will impact the health technology environment and has been a featured speaker and frequent lecturer on data privacy and cybersecurity, data analytics, digital health, mobile medical applications, and privacy issues related to genetic and health research.

Prior to joining the firm, Kate served as 23andMe’s first Global Privacy Officer in Mountain View, CA and worked in the Office of Policy and Planning in the Office of the National Coordinator for Health IT in the U.S. Department of Health and Human Services in Washington, D.C.

Notwithstanding a two-month-long pandemic shutdown, a wave of new legislation has flooded the halls of the California legislature, including four discreet privacy-related bills, each with different objectives and consequences. Upon the closing of the signature period, Gov. Newsom signed only two of the bills into law, vetoing the other two.

Read the full GT Alert,

On Aug. 30, 2020, the California legislature passed Assembly Bill 1281 (AB-1281), which would extend the exemptions for “employee” information and business-to-business (B2B) transactions from its original expiration date of Jan. 1, 2021, to Jan. 1, 2022, if approved by the governor.

Read the full GT Alert, “Extension to CCPA’s Employment and

In a major plot twist over the last few days, Brazil’s new General Data Protection Law (Lei Geral de Proteção de Dados Pessoais) – Law No. 13,709/2018 (LGPD) will take effect in two short weeks, after a last-minute decision not to delay its rollout.

The Background: A Very Brief Overview of the LGPD

The LGPD is similar to the EU’s General Data Protection Regulation (GDPR), applying data protection obligations to companies processing personal data regarding Brazilian residents. Among other requirements, the LGPD requires certain legal bases for processing data and provides Brazilian residents with many enumerated rights over their personal data. For a helpful overview of the LGPD’s provisions, including the individual rights, legal bases for processing, and sanctions as enumerated in the legislation, see GT Alert, 6 Months Until Brazil’s LGPD Takes Effect – Are You Ready?
Continue Reading Brazil’s Data Protection Law Will Be Effective After All, But Enforcement Provisions Delayed Until August 2021

On August 14, 2020, the California Attorney General (AG) announced that the Office of Administrative Law (OAL) approved the California Consumer Privacy Act (CCPA) regulations, which will take effect immediately. The OAL’s approval concludes the expedited review process requested by the AG on June 1. For more information on the review process, see GT’s June

As the way we work, consume, travel, and interact has changed due to Coronavirus Disease 2019 (COVID-19), so too has the way our children learn and play changed. Millions of children (and families) affected by the closures of in-person schools, day cares, athletics, summer camps, and other kids programming now rely on home computers and

The Court of Justice of the European Union (CJEU) declares invalid a decision of the European Commission which attested that the EU-U.S. Privacy Shield provided adequate protection to personal data transferred from the EU to the U.S., if the receiving party had self-certified its adherence to the Privacy Shield Principles. At the same time, the

On June 24, the California Secretary of State announced that the California Privacy Rights Act (CPRA) has qualified as a statewide ballot initiative to be listed on this November’s General Election ballot.

The announcement follows official confirmation that the nonprofit group behind the ballot initiative, Californians for Consumer Privacy, obtained in excess of the 623,212

While many companies across the United States transition to remote working, scammers are taking this opportunity to target vulnerable and unsuspecting employees. Some emails and websites promising information about keeping safe from, and offering resources for, the Coronavirus Disease 2019 (COVID-19) pandemic have turned out to be scams that push malware, ransomware, and disinformation, or

In August 2018, Brazil took a significant step by passing comprehensive data protection legislation: the General Data Protection Law (Lei Geral de Proteção de Dados Pessoais – Law No. 13,709/2018, as amended) (LGPD). The substantive part of the legislation takes effect August 16, 2020, leaving fewer than six short months for companies to prepare.

On February 7, 2020, the California Attorney General’s Office (OAG) issued proposed changes to the California Consumer Privacy Act Regulations (Modified Regulations), which were originally issued on October 11, 2019. Organizations have until February 24 to submit written comments on the proposed changes to the regulations implementing the CCPA.

Key Changes

Some of the major