Modern state privacy laws mandate that agreements with service providers or processors contain specific contractual provisions to govern the parties’ relationship. Which provisions should be included in a vendor agreement, however, differ by state statute. In addition, some state privacy laws impose statutory obligations upon vendors that do not necessarily need to be memorialized in

UPDATE: The program, “The Proposed CPRA (California Privacy Rights Act) Regulations: What to look for, deciding whether to comment, and how to prepare,” originally scheduled to take place on Thursday, June 30 has been rescheduled as Chairperson Urban of the CPPA recently indicated that she will provide additional information regarding the timeline for public comment

No. A privacy framework describes a set of standards or concepts around which a company bases its privacy program. Typically, a privacy framework does not attempt to include all privacy-related requirements imposed by law or account for the privacy requirements of any particular legal system or regime. As a result, a company can utilize a

The Boston Patent Law Association’s Computer Law Committee is hosting the webinar “U.S. and EU Data Privacy Compliance in the Healthcare Space” Wednesday, June 29 at 12 p.m. EST. Greenberg Traurig Shareholder Gretchen A. Ramos, co-chair of the firm’s Global Data, Privacy & Cybersecurity Practice, will be a panelist on the webinar,

The CCPA’s (California Consumer Privacy Act) exemption on human resources (HR) and business-to-business (B2B) personal information expires on January 1, 2023 when the CPRA takes effect. Unlike the other new state privacy laws effective in 2023, the CPRA will apply to personal information that a business collects from its employees, job applicants, independent contractors and

The Data, Privacy & Cybersecurity Practice of global law firm Greenberg Traurig, LLP is recognized in the 2022 Chambers USA Guide. The guide, which is researched by UK-based Chambers and Partners and is based on thousands of interviews with practicing lawyers and clients, ranked the practice Band 1 for Nationwide Privacy & Data Security:

Modern state privacy laws confer upon individuals the ability to ask for their personal information to be deleted. Statutes differ, however, in the scope of the “deletion right.” For example, some states only permit consumers to request the deletion of personal information that the consumer provided to the organization (allowing the organization to keep personal

All modern data privacy statutes allow individuals the ability to request that organizations take certain actions in relation to their personal information. Organizations are not always required to take the actions requested, however, and often exercise discretion in terms of how to handle a data subject request. For example, if an individual asks an organization

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not