What types of documents, policies, procedures, and protocols should service providers consider putting in place to comply with the CCPA?

The written policies and procedures that service providers put into place to assist in their compliance with the CCPA differ depending upon several factors including the size of the service provider, the quantity of personal

Greenberg Traurig is sponsoring the ACC’s 2022 Cybersecurity Summit, taking place March 8-10, 2022.

On March 9, Shareholder Gretchen A. Ramos, co-chair of the firm’s Global Data, Privacy & Cybersecurity Practice, will deliver the keynote session, “New Global Data Protection Laws.” The session will cover new privacy laws, structuring compliance efforts, obtaining

It depends on the purpose for which a TIA is created. It is unlikely that the attorney-client privilege would apply to a TIA that is created, and used, to satisfy the requirements of the Standard Contractual Clauses (SCCs).

The attorney-client privilege in the United States refers to a judicially recognized ability for a client to

Modern privacy laws contain different definitions for the term “consent,” and different standards for when consent will, and will not, be effective.

In Europe, the right of an individual to withdraw consent for the processing of their personal data has become near axiomatic and is often referred to by Member State supervisory authorities. The right

David A. Zetoony, a shareholder of global law firm Greenberg Traurig, LLP, is recognized as a 2021 “Go-To Thought Leader” for Privacy Law by The National Law Review (NLR). This recognition is based on NLR’s analysis of more than 20,000 pieces of thought leadership.

According to NLR, a database of legal

2022 is poised to be a busy year for privacy, as California begins rulemaking for its updated consumer privacy statute and dozens of states are expected to reintroduce legislation. GT Data, Privacy & Cybersecurity Global Co-Chair Gretchen A. Ramos is quoted in this Jan. 3 Bloomberg Law article. Click here to read the full article

Global Privacy Control, a way for consumers to signal privacy preferences to a host of websites without manually reaching out to each one, is gaining traction. It is unclear if it can be used as a legal compliance mechanism. GT Shareholder Darren Abernethy is quoted in this article on Global Privacy Control and privacy laws

It depends.

While most modern data privacy statutes allow individuals to request access to the personal information held by an organization about the individual, they do not confer upon individuals a right to understand how or why a business has made decisions about them. That said, one privacy statute – the California Privacy Rights Act

No.

Modern state privacy statutes in the United States (set to go into effect in 2023) and European privacy regulations adopt a similar definition of “profiling,” which occurs when three elements are met:

  1. An activity must involve “an automated form of processing;”
  2. An activity must be “carried out on personal data;”
  3. The objective of

No.

Within the United States organizations will only be required to conduct data protection assessments under the Virginia Consumer Data Protection Act (VCDPA) and the Colorado Privacy Act (CPA) beginning in 2023 if the processing of personal data for purposes of profiling presents a “reasonably foreseeable risk” to individuals. The type of risks contemplated by