Greenberg Traurig Shareholder David A. Zetoony will be a speaker during American Lawyer Media’s webcast, “How to Adapt Your Incident and Breach Response Strategy to Today’s Regulatory Environment,” on Wednesday, November 18, at 2 PM EST / 11 AM PST.

In today’s ever-changing regulatory landscape, it is vital for legal professionals to build an incident

On Monday, November 16 at 12:00 PM EST, TrustArc, the leader in privacy compliance and data protection solutions, will host the webinar “Post US Election Privacy Updates & Implications.”  The United States election on November 3rd impacted the future use of personal information for organizations doing business with US citizens. From presidential results to state

No.

The regulations implementing the CCPA require that in-scope businesses must provide two or more designated methods of submitting requests to opt-out, including an interactive form accessible via a clear and conspicuous link titled “Do Not Sell My Personal Information,” on the business’s website or mobile application.[1]

In addition to the “DNSMPI” link noted

Yes.

Where a global privacy control (“GPC”) conflicts with a consumer’s existing business-specific privacy setting or their participation in a business’s financial incentive program, the business must respect the GPC, but may notify the consumer of the conflict and give the consumer the choice to confirm the business-specific privacy setting or participation in the financial

A group of privacy advocates, publishers, and privacy software companies have proposed an “unofficial” specification for how consumers might transmit, and how companies might receive, a global privacy opt-out signal that indicates an intention for information not to be sold.  They refer to their specification as the Global Privacy Control header, “GPC header,” or “GPC

No.

The regulations implementing the CCPA require that if a business sells personal information and collects personal information from consumers online it must honor “user-enabled global privacy controls” that communicate a desire of the consumer to opt-out of the sale of personal information.[1]  There is no single format or technical specification for creating, transmitting,

No.

The European GDPR permits a company to retain personal data for “no longer than is necessary for the purposes for which the personal data are processed.”[1]  As a result, if a company no longer needs information to accomplish a specific purpose, the company is, theoretically, required to delete that information.  The requirement that

No.

The European GDPR permits a company to collect only that information which is “adequate, relevant and limited to what is necessary in relation to the purposes” for which the information is to be processed.”[1]  As a result, a company arguably is not permitted to collect personal data that is not “necessary” for a