Photo of Gretchen A. Ramos

Gretchen A. Ramos is Co-Chair of the Data, Privacy & Cybersecurity Practice and focuses her practice on privacy, cybersecurity, and information management. A creative problem-solver with a long track record of success in commercial disputes, she never loses sight of the simple fact that she works in a service industry. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach to client service, including her bullet-pointed emails, snapshot executive summaries, and creativity in finding ways to streamline communications for in-house counsel with dozens of other projects—and little time—on their hands.

Gretchen’s clients come from diverse industries, including technology (SaaS), health care and life sciences, consumer products, manufacturing, academic institutions, and non-profits. She provides clients with practical business advice on compliance with state and federal U.S. laws, GDPR, APEC, and other global privacy laws in relation to their external and internal privacy and security procedures, product and app development, and advertising practices. Gretchen also regularly drafts and negotiates contracts concerning data-related vendors, assists clients in assessing privacy risks in corporate transactions, and provides guidance on and conducts privacy and security assessments. She has managed dozens of data breaches, and helps clients prepare for and immediately respond to security incidents and breaches.

On Nov. 22, 2019, the representatives of the EU member states rejected the Finnish Presidency’s proposed text for the ePrivacy Regulation, making the future of ePrivacy Regulation uncertain. The ePrivacy Regulation, which if adopted would be binding across all EU member states, will govern direct electronic marketing messages, cookies, and similar tracking technologies. The ePrivacy

On Nov. 5, California Congresswomen Anna G. Eshoo and Zoe Lofgren introduced the Online Privacy Act of 2019, H.R. 4978, to balance the actual needs of businesses with users’ fair privacy rights and expectations. The proposed privacy bill seeks for the United States to adopt many of the requirements of the California Consumer Privacy Act (CCPA), which is effective Jan. 1, 2020, and that exist under the EU’s General Data Protection Regulation (GDPR). Below is a brief summary of the main components of the Act. A copy of the Online Privacy Act can be found here, and a section-by-section analysis by the Congresswomen can be viewed here.
Continue Reading

On Oct. 10, the California Attorney General’s Office issued the California Consumer Privacy Act Proposed Regulations.  Stakeholders have until Dec. 6 to submit comments, and there will be four public hearings prior to that date. On the same day, the Attorney General’s Office also published the Initial Statement of Reasons describing the basis for each

On the heels of the California Attorney General’s release of the draft California Consumer Privacy Act (CCPA) Regulations, on Friday Gov. Newsom signed seven bills amending various provisions of the CCPA. The relevant amendments signed by the governor are described below. With less than three months before the CCPA becomes effective on January 1,

On Oct. 10, 2019, the California Attorney General’s Office issued the California Consumer Privacy Act Proposed Regulations. The proposed regulations focus on the following CCPA provisions:

  1. notice to consumers;
  2. business practices for handling requests;
  3. verification of requests;
  4. special rules regarding minors; and
  5. nondiscrimination.

Organizations will have until December 8 to submit comments on the

As state legislatures across the country adjourn for summer recess, privacy legislation has stalled in many states. Nevertheless, organizations should be aware of several developments on the horizon, including:

  • Nevada’s new opt-out law is effective October 1, 2019, less than six weeks from today;
  • California’s legislature is set to finalize proposed amendments to the California

On July 29, 2019, the Court of Justice of the European Union (CJEUfound that a website operator using a social media plugin is a joint controller with the social media company providing the plugin and can be held jointly liable in relation to such processing activities. Although the case was decided under

While businesses prepare to comply with the California Consumer Privacy Act (CCPA), Nevada has followed California’s lead and has amended its law to provide consumers with the right to opt-out of the “sale” of their personal information by website operators.

The amendment, SB 220, will take effect October 1, 2019, three months before the

On April 23, 2019, the California Assembly Privacy and Consumer Protection Committee voted to advance several key amendments to the California Consumer Privacy Act (CCPA), which are outlined below. If these amendments pass into law, they would limit the scope of the CCPA. For guidance on CCPA compliance or more information about these bills and