Employment

California Governor Signs CCPA and Breach Notification Statute Amendments into Law

With the January 1, 2020 effective date of the California Consumer Privacy Act (the “CCPA”) rapidly approaching, all eyes have been on the California legislature’s consideration of a robust suite of amendments that would clarify ambiguities and address discrepancies underlying the prominent privacy statute. On October 11, 2019, six CCPA amendments were signed into law by the California Governor, as well as an amendment to the state’s breach notification statute. The rest of the CCPA amendments have either failed or will have to wait until next year for further consideration.

READ MORE

Up for Interpretation: Proposed CCPA AG Regulations Open for Public Comment

On October 10, 2019, the California Attorney General added to the complexity of the California Consumer Privacy Act of 2018 (“CCPA”) by releasing long-awaited proposed regulations that provide guidance on various elements of the CCPA. The text of the proposed regulations is available here and the California Attorney General has made other documents and information relating to the proposed regulations available here. The comment period for the proposed regulations will close on December 6, 2019. Interested parties may review and provide written comments addressing the proposed regulations prior to that date or attend one of four scheduled public hearings on the proposed regulations to be held on December 2-5, 2019. READ MORE

Orrick Webinar: Last-Minute Amendments – Changes to California’s New Privacy Law Ahead of the Effective Date

Webinar | October 30, 2019

Download Powerpoint Presentation

Please join Heather Sussman, Emily Tabatabai, and Nick Farnsworth for the Cyber, Privacy & Data Innovation practice’s webinar “Last-Minute Amendments- Changes to California’s New Privacy Law Ahead of the Effective Date.”

READ MORE

New law decreases the number of companies required to designate a Data Protection Officer in Germany

On June 28, 2019, the German parliament (Bundestag) passed new legislation imposing several changes to the current German Federal Data Protection Act (“BDSG”).  Although many of the changes addressed privacy aspects of criminal proceedings, the new legislation makes an important change for small companies by increasing the threshold to designate a Data Protection Officer (“DPO”). Whereas currently companies have to designate a DPO if they constantly employ at least 10 employees who deal with the automated processing of personal data, the new legislation increases the minimum number of employees from 10 to 20, significantly decreasing the financial and administrative burden for small companies doing business in Germany. This article explains the changes and their impact and explains what companies should do.

READ MORE

Orrick Webinar: New U.S. Privacy Laws – What Companies Need to Know

Webinar (recording available) | June.25.2019

Click to Play

Download Powerpoint Presentation

Please join Heather Sussman and Matthew Coleman for the Cyber, Privacy & Data Innovation practice’s webinar “California’s and Nevada’s New Privacy Laws – What Companies Need to Know.”

California was the first U.S. state to enact a sweeping new privacy law, known as the CCPA, with an effective date of January 2020. Nevada has now enacted a scaled-down version of the CCPA that is slated to take effect even sooner – as early as October 2019.
READ MORE

Orrick Launches Automated Tool to Assess Readiness for California Consumer Privacy Act

Today, Orrick announced the launch of our automated CCPA Readiness Assessment Tool which helps businesses globally determine whether they are covered by the California Consumer Privacy Act (CCPA) and, if yes, their readiness to comply with the new law that is revolutionizing the United States privacy landscape. This free tool is available to all organizations and takes 10-30 minutes to complete.  It segments the CCPA into five workable themes and guides users through a series of dynamic questions relating to each theme. Upon completion of the questionnaire, the tool provides a free and comprehensive readiness assessment tailored to the business’s unique positioning and individual needs.

READ MORE

European Court Restricts Employer Access to Employee’s Private Communications

(Editors’ note: Thanks to Orrick trainee associate, Arne Senger, for his help with this blog post.)

With its recent ruling in Bărbulescu v. Romania (application no. 61496/08), the Grand Chamber of the European Court of Human Rights (ECHR) made a decision of enormous impact for employers in Europe. The decision makes clear that even when private use of business resources is prohibited, employers do not have unlimited access to all communications that occur on corporate systems.

Companies should carefully review their policies to ensure that they can access their corporate IT equipment, at least to the extent permitted by European data privacy law. READ MORE

Orrick Launches Automated GDPR Readiness Tool for Companies

Today, Orrick announced the launch of our automated General Data Protection Regulation (GDPR) Readiness Assessment Tool, which makes the EU’s new, complex, data privacy law, the GDPR, more accessible. The free tool is available to all organizations and allows businesses to stress test their compliance against the upcoming GDPR. It segments the GDPR into 14 workable themes and guides the user through a series of dynamic questions relating to each theme. Upon completion of the assessment, the tool provides a complimentary tailored report summarizing the likely key impacts of the GDPR for an organization. READ MORE

Cybersecurity Whistleblowing Is Murkier Than You May Think

Emerging Issue of Cybersecurity Whistleblowing Corporate Counsel SEC Securities and Exchange Comission

In this Corporate Counsel article, Orrick attorneys Renee Phillips and Shea Leitch discuss the emerging issue of cybersecurity whistleblowing.  The authors discuss scenarios in which cybersecurity whistleblowers may step forward and how a company can best address complaints internally and mitigate the potential of regulatory scrutiny.  Click here to read the full article.