womblebonddickinson com Hot Topics in Privacy and Security


womblebonddickinson.com
Hot Topics in Privacy and Security Compliance
Tara N. Cho, Partner
Peter F. McLaughlin, Partner
ACC Compliance & Ethics Network
September 17, 2019


Agenda
• “I know what you did last weekend” (CCPA & Online Advertising)
• CCPA amendments over the weekend
• Spawn of CCPA in other states
• Recent EU Guidance and Enforcement
• Trends in FTC data security enforcement
• Becoming more specific; vendor risk
• Other issues
• AI in Recruiting; Brexit; ISO & NIST Privacy Frameworks


CCPA: Core Elements
• Scope
• Key Definitions
• Personal Information
• Business vs. Service Provider vs. Third Party
• Sale
• Consumer Rights
• Notice, copy/access, opt-out/do not sell, non-discrimination, deletion
• Preparedness / Unintended Consequences


CCPA: Past Weekend’s Amendments
• Employee & B2B relationships (1 year exemption)
• Reasonably identifiable
• Publicly available
• Verified Consumer Requests clarified
• Data broker registration
• Several other narrow carve outs (e.g., vehicle registration, online only business need not have a toll-free number)


CCPA: Implications (Assuming Signature)
• Employee & B2B relationships (1 year exemption)
• B2B marketing?
• Reasonably identifiable
• Publicly available
• Online Advertising
• List purchasing, lead generation, MICE…
• Verified Consumer Requests
• Contract supplements/amendments with your third parties
• Data broker registration only narrowly applicable


CCPA: Spawn of Copy-Cat Laws
• Shift in privacy focus
• Initially 10+ states considered or proposed similar-ish privacy regulations or amendments
• Key bills:
• Nevada (effective October 1, 2019)
• Maine (effective July 1, 2020)
• New York
• Massachusetts
• Other related state legislation
• State vs. Federal debate & preemption


GDPR: Recent Enforcement & Guidance
• Marriott – potential $124 MM fine
• Do your diligence
• British Airways – potential $230 MM fine
• Secure your data
• Fashion ID
• Know your processing role & responsibilities
• Online Advertising (UK ICO & FR CNIL)
• Schrems Case (Will Privacy Shield & Model Contracts survive?)
• Privacy Shield got a clean bill of health last week (EU Comm.)


FTC: Lessons from Recent Data Security Enforcement
• The FTC consent decrees have been increasingly specific in stating what was wrong – not ‘reasonable security’
• Why so?
• Fundamentally, increased liability for D&Os
• Do not let internal warning go unheeded
• Treat cyber (& privacy) as an issue to understand (not simply delegate)
• Understand implications of data collection
• At least quarterly discussions
• Risk management & prioritization


Other Interesting Topics
• AI and Recruiting
• Biometrics & HR
• Brexit
• Recognition of all EC approved transfer mechanisms
• Privacy Shield
• Contracts (Schrems) (EU Adv Gen op Dec. 2019)
• New Privacy Frameworks:
• ISO 27701 (a privacy-specific extension to ISO 27001)
• NIST Privacy Framework (prelim draft Sept 6, 2019)


Thank you!

Tara Cho
Privacy & Cybersecurity Partner
Tara.Cho@wbd-us.com
+1.919-755-8172 (o)
+1.919.280.2999 (c)

Peter McLaughlin
Privacy & Cybersecurity Partner
Peter. Mc. [email protected] com
+1.857.287.3113 (o)
+1.617.480.1545 (c)