Shareholder Jena M. Valdetero is quoted in a Law360 article titled “COVID Inflamed Damaging Year For Data Breach Victims.” Click here to access the Law360 article (subscription required).
Ian Ballon Participates in Virtual Roundtable: What You Need to Know About Cybersecurity
Ian C. Ballon, co-chair of Greenberg Traurig’s Global Intellectual Property & Technology Practice, participated in a virtual panel on Feb. 25 titled “What You Need to Know About Cybersecurity.” He discussed the growing threat of cyberattack and how businesses can prepare for and prevent security breaches.
Are law firms considered businesses or service providers of the personal information that they receive from clients as part of a representation?
It depends.
If a written contract between a law firm and its client (e.g., an engagement letter) prohibits the law firm from using, retaining, and disclosing personal information except to the extent permitted by the client, the law firm may be a “service provider” under the CCPA. The CPRA amended the CCPA’s definition of service
Are all businesses required to train their employees, or just those that collect large quantities of personal information?
The regulations implementing the CCPA discuss the education of employees regarding CCPA related responsibilities in two sections:
| Section 999.317(a) | Section 999.317(g)(3) |
|
All individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with the CCPA shall be informed of all of the requirements in the CCPA and these regulations and |
Are businesses required to train their employees about the CCPA?
The CCPA does not explicitly reference the requirement to train employees, but it does require that:
All individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed [concerning the CCPA’s requirements] . . . and how to direct consumers to exercise their rights under those
Does the CCPA adopt a specific standard for deidentifying information?
No.
The CCPA defines “deidentified” data as information that “cannot reasonable identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer.”1 A number of individuals and entities requested that the Office of the California Attorney General provide guidance as to what steps should be
Privacy Compliance Action Items for Businesses Before EOY 2020
One week into the final month of what has been a memorable 2020, maintaining an organization’s privacy hygiene is more pressing than ever – and includes new requirements.
From privacy policy updates mandated by the California Consumer Privacy Act (CCPA), to all businesses needing to stay current and non-deceptive in their public disclosures in relation
2nd Annual ISACA Forum on CCPA
Greenberg Traurig Shareholder David A. Zetoony will be delivering the keynote remarks at the 2nd Annual ISACA Forum on CCPA taking place virtually on Thursday, November 19, 9:00 am – 4:00 pm PST. Attendance at this year’s virtual Forum is complimentary. If you are interested in attending, please register online here.
Webcast: How to Adapt Your Incident and Breach Response Strategy to Today’s Regulatory Environment
Greenberg Traurig Shareholder David A. Zetoony will be a speaker during American Lawyer Media’s webcast, “How to Adapt Your Incident and Breach Response Strategy to Today’s Regulatory Environment,” on Wednesday, November 18, at 2 PM EST / 11 AM PST.
In today’s ever-changing regulatory landscape, it is vital for legal professionals to build an incident
Webinar: Post US Election Privacy Updates & Implications
On Monday, November 16 at 12:00 PM EST, TrustArc, the leader in privacy compliance and data protection solutions, will host the webinar “Post US Election Privacy Updates & Implications.” The United States election on November 3rd impacted the future use of personal information for organizations doing business with US citizens. From presidential results to state