Data Privacy & Cybersecurity

Join Gretchen Ramos, global co-chair of GT’s Data, Privacy, & Cybersecurity Practice, for PrivacyConnect’s “Data Privacy: 2022 Business Challenges and Solutions” webinar Jan. 27 at 10:00 a.m. EST.

The webinar will discuss questions on global expectations, local challenges, interplay between data privacy and AI, digitalization, competition, consumer affairs, cross-border trade, governance, regulatory enforcement,

A ransomware attack on a major U.S. gas pipeline sharpened people’s concerns about cybercrime in 2021, while the Biden administration balanced working with the private sector and threatening penalties for keeping breaches secret. GT Shareholder Jena M. Valdetero was mentioned in this article on cybersecurity steps the Biden administration has taken, published by Law360 Dec.

While the CCPA went into effect on Jan. 1, 2020, it did not become fully enforceable until July 1, 2020. When we passed the one-year anniversary of the CCPA becoming law, it provided an opportunity to assess the impact of the CCPA on privacy programs and to begin to benchmark against emerging industry standards. To

DRI’s Cybersecurity and Data Privacy Committee’s virtual seminar will take place Tuesday, Oct. 26 and provide an overview of important data protection and privacy concepts and review data protection and privacy obligations imposed by state and global laws and regulations. Topics discussed will include how to comply with the challenging and ever-changing data protection and

No.

The regulations implementing the CCPA require that in-scope businesses must provide two or more designated methods of submitting requests to opt-out, including an interactive form accessible via a clear and conspicuous link titled “Do Not Sell My Personal Information,” on the business’s website or mobile application.[1]

In addition to the “DNSMPI” link noted

Yes.

Where a global privacy control (“GPC”) conflicts with a consumer’s existing business-specific privacy setting or their participation in a business’s financial incentive program, the business must respect the GPC, but may notify the consumer of the conflict and give the consumer the choice to confirm the business-specific privacy setting or participation in the financial

No.

A group of privacy advocates and privacy software companies has proposed an “unofficial” specification for how consumers might transmit, and how companies might receive, a global privacy opt-out signal that indicates an intention for information not to be sold.  As of 12 October 2020, the draft “Global Privacy Control specification” claims to have “no

A group of privacy advocates, publishers, and privacy software companies have proposed an “unofficial” specification for how consumers might transmit, and how companies might receive, a global privacy opt-out signal that indicates an intention for information not to be sold.  They refer to their specification as the Global Privacy Control header, “GPC header,” or “GPC

No.

The regulations implementing the CCPA require that if a business sells personal information and collects personal information from consumers online it must honor “user-enabled global privacy controls” that communicate a desire of the consumer to opt-out of the sale of personal information.[1]  There is no single format or technical specification for creating, transmitting,

No.

The European GDPR permits a company to collect only that information which is “adequate, relevant and limited to what is necessary in relation to the purposes” for which the information is to be processed.”[1]  As a result, a company arguably is not permitted to collect personal data that is not “necessary” for a