Data Privacy & Cybersecurity

After Europe blazed the trail by passing the sweeping General Data Protection Regulation (“GDPR”) in 2016, California followed closely in the footsteps of European efforts by passing the most comprehensive data privacy law in the United States, the California Consumer Privacy Act (the “CCPA”). Effective January 1, 2020, the CCPA provided a number of obligations

Join Greenberg Traurig’s Data, Privacy & Cybersecurity Practice for an interactive CLE symposium in Chicago on Wednesday, October 12. Attendees will hear from GT team members and industry peers on a variety of new privacy, cybersecurity, and tech issues. Speakers will also provide timely and practical tips for addressing these issues, with particular emphasis

GT Shareholders Gretchen A. Ramos and Darren Abernethy will lead a webinar hosted by the Association of Corporate Counsel titled “Website and Mobile App Compliance Under the CPRA and New State Privacy Laws Effective in 2023” Oct. 6 at 11 a.m. PDT.

Starting Jan. 1, 2023, the California Privacy Rights Act and the CPRA

GT Shareholder Timothy A. Butler will deliver a “Regulatory Roundup” during a meeting for industry members at the Money Transmitter Regulators Association (MTRA) 2022 Annual Conference in Fort Worth, Texas. The presentation, beginning Sept. 20 at 1:15 p.m., will address how money services businesses (MSBs) can comply with the ever-changing set of data privacy

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company

Tim Butler, a shareholder in GT’s Data, Privacy & Cybersecurity Practice, participated in the 2022 LEND360 Conference in Chicago. Tim was a panelist on the presentation “Data Ownerships and Security,” including a breakout session titled “The Road Forward for Banks and Fintech,” on Sept. 14, 2022.

Amid new innovations in the

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
  • Background. Company A transmits personal data to its processor Company Z, and then instructs its processor to onward transfer the personal

Some modern data privacy statutes require organizations to consider and document privacy-related risks regarding certain types of processing activities. These assessments are sometimes referred to as “data protection assessments” or “data protection impact assessments” (generically a DPIA). DPIAs are intended to make an organization identify and weigh the benefits that may flow from processing personal

Some modern data privacy statutes require organizations to consider and document privacy-related risks regarding certain types of processing activities. These assessments are sometimes referred to as “data protection assessments” or “data protection impact assessments” (generically a DPIA). For example, several state data privacy statutes mandate that a DPIA be conducted if an organization intends to

Some modern data privacy statutes mandate that organizations allow third parties – who are authorized by a data subject – to submit access, deletion, correction, or other requests on behalf of a consumer. Such third parties are sometimes referred to as “authorized agents” – a term created by the regulations implementing the CCPA. The following