Data Privacy & Cybersecurity

Please join Greenberg Traurig U.S. Data, Privacy & Cybersecurity Practice Co-Chair David Zetoony and Food, Beverage & Agribusiness Practice Co-Chair Justin Prochnow for a discussion on current U.S. privacy laws impacting the food and beverage industries (CCPA), upcoming legal changes (CPRA/VCPDA), and emerging industry standards. The webinar will take place on Wednesday, Sept. 22 from

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must report the number of deletion requests that the business

On Thursday, Oct. 21, David A. Zetoony, Co-Chair of the U.S. Data Privacy and Cybersecurity practice, will present the webinar “New Colorado Privacy Law, Effective July 2023: What Attorneys Need to Know.” On July 7, 2021, Colorado officially became the third state to pass broad consumer privacy legislation when Gov. Jared Polis signed the

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must report the number of deletion requests received.1

Based

The past 12 months have seen an increase in cybersecurity attacks against major companies, placing data breaches on the front page of virtually every major newspaper. The U.S. government has taken notice. In May, the Biden administration issued an executive order requiring government agencies and certain government contractors to comply with cybersecurity requirements. In July,

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

On June 10, 2021, the final version of Data Security Law (DSL) of the People’s Republic of China was published, and the DSL will take effect Sept. 1, 2021. Prior to the issuance of the final version, two drafts of the DSL were released to the public seeking comments, in July 2020 and

The Fourth of July is usually reserved for fireworks, and this year was no different. On July 2, 2021, Kaseya, a provider of IT and security-management solutions, announced that it was the target of a supply-chain ransomware attack by the REvil/Sodinokibi (REvil) organized ransomware group. Kaseya’s virtual systems/server administrator (VSA) is a server and cloud-based

The ISO 29100 privacy framework sets forth the following eleven core principles:

  1. Consent and choice
  2. Purpose legitimacy and specification
  3. Collection limitation
  4. Data minimization
  5. Use, retention and disclosure limitation
  6. Accuracy and quality
  7. Openness, transparency, and notice
  8. Individual participation and access
  9. Accountability
  10. Information security
  11. Privacy compliance

The ISO 27701 privacy framework is not explicitly organized using the

While theoretically an organization could adopt ISO 27701 as a separate standalone framework to apply to an organization’s privacy program, the framework was conceptualized as an extension of the ISO data security standards. As a result, it is organized based upon the assumption that an organization already has a security program that is built off