The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company

Some modern data privacy statutes require organizations to consider and document privacy-related risks regarding certain types of processing activities. These assessments are sometimes referred to as “data protection assessments” or “data protection impact assessments” (generically a DPIA). DPIAs are intended to make an organization identify and weigh the benefits that may flow from processing personal

On Aug. 11, 2022, the U.S. Consumer Financial Protection Bureau issued guidance indicating that financial institutions and service providers that fail to adopt sufficient data security measures to protect consumer financial data may violate the Consumer Financial Protection Act provision prohibiting unfair acts and practices.

Click here to continue reading the full GT Alert.

On June 24, 2022, China’s National Information Security Standardization Technical Committee (commonly referred to as “TC260”) finalized the Technical Guideline on Personal Information Cross-Border Transfer Certification (Final Cert Guideline). Although the Final Cert Guideline largely remains the same as the draft version released this past April, which is described in our prior blog post, China

Several modern state data privacy statutes refer to precise geolocation information as a “sensitive” category of personal information. What constitutes precise geolocation information differs slightly between and among states. The following table provides a side-by-side comparison of the how the states have defined the term.

Click here for a side-by-side comparison of the how the

The Boston Patent Law Association’s Computer Law Committee is hosting the webinar “U.S. and EU Data Privacy Compliance in the Healthcare Space” Wednesday, June 29 at 12 p.m. EST. Greenberg Traurig Shareholder Gretchen A. Ramos, co-chair of the firm’s Global Data, Privacy & Cybersecurity Practice, will be a panelist on the webinar,

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

The term “targeted advertising” is defined relatively consistently between and among modern U.S. data privacy statutes with the noticeable exception of California which deviates somewhat in the California Privacy Rights Act’s (CPRA) definition of the similar term “cross-context behavioral advertising” by omitting any reference to tracking a person over time, or making predictions about a

On April 29, 2022, China’s National Information Security Standardization Technical Committee (commonly referred to as “TC260”) released a draft Technical Guideline on Personal Information Cross-Border Transfer Certifications (Cert Guideline). While the Cert Guideline is still in draft form and thus subject to change, it provides some clarification regarding the certification process for cross-border transfers of