A MoFo Privacy Minute Series
Morrison Foerster's highly respected global privacy and data security practice group is comprised of more than 60 lawyers in offices in the United States, Europe and Asia.
A MoFo Privacy Minute Series
Will the ICO develop a more efficient way to approve these types of UK BCRs?
A MoFo Privacy Minute Q&A: How to Avoid Nasty Surprises When Responding to Access Requests in the UK
How should organizations best respond to access requests in the UK in order to avoid hitting the headlines?
A MoFo Privacy Minute Q&A: New TCPA Requirements For Informational Robo Calls
My company makes informational calls using pre-recorded messages or artificial voices. The federal regulation that regulates these calls under the Telephone Consumer Protection Act has been amended, and the new rules become effective on July 20, 2023. What are the new requirements for these kinds of calls?
What can I learn from the California AG’s CCPA settlement with Sephora to check whether my own business’s privacy notice and opt-out mechanisms relating to online advertising and analytics meet the AG’s expectations?
I heard that the public comment period on the proposed regulations under the California Privacy Rights Act (“CPRA”) recently started. What issues in the proposed regulations are businesses likely to comment on to influence the final regulations to be more business-friendly?
Preventing, detecting, and responding to credential-stuffing attacks has always been a challenge for my company, and every company, since the credentials are not actually stolen from us. Yet our customers are still harmed if the credentials are used to access their accounts with us. What measures can companies use to address credential-stuffing attacks?
My company has a location in New York City. What are the requirements for employers under New York City’s new law about automated employment decision tools, and what happens if my business fails to meet the requirements?
During our webinars, our attendees ask us great questions. In this final issue of A MoFo Privacy Minute for the year 2021, we chose three of your questions to answer. Stay tuned for more in 2022! Q: Please explain the difference between pseudonymous and de-identified information under the three laws. Can I consolidate the definitions together and apply one protocol for my business? Q: What is the difference in scope between the HIPAA and GLBA exceptions under the CPRA, VCDPA, and CPA? Q: What must contracts with services providers/processors say about audit rights?
My company is a financial institution subject to the FTC’s Safeguards Rule under the Gramm-Leach-Bliley Act and we have an information security program that conforms to the Safeguards Rule that has been in effect for almost two decades. What do we need to add to our program to comply with the revised Safeguards Rule, and how much time to do we have to add it?
My company would like to collect COVID-19 vaccination status of its employees and clients. Is this permitted under HIPAA?
Can a company require proof of a COVID-19 vaccination to visit work sites and/or venues in the EU or the UK?
I think of cookie consent requirements as being driven by European law, specifically the EU ePrivacy Directive. But I recently heard that Russia also has a cookie consent requirement. Is this really the case? If so, do the requirements apply to a business that is not a Russian company?
I heard that the Russian data protection authority (Roskomnadzor) has sent out thousands of inquiries to businesses (including businesses outside Russia) asking them to confirm, within 30 days, that they store personal information of Russian citizens in Russia in compliance with Russia’s data localization law. My company received the letter. What do I need to know? My company is registered with the Russian tax authority, but we did not receive such an inquiry. Should I be concerned?
Who is Lina Khan, and what is the likely impact of her appointment as chair of the Federal Trade Commission?
Do breach notification laws require me to notify regulators or individuals when my business inadvertently sends an email to the wrong person that contains a small amount of personal information about another person?
The new California Privacy Rights Act (CPRA) and Virginia Consumer Data Protection Act (VCDPA) will be operative on January 1, 2023. That seems like a lot of time to prepare, and the CPRA regulations are not out yet. When should I begin, and how can I phase out the work over 2021 and 2022?
We recently notified our lead data protection authority in the EU of a data breach we suffered. Do we need to also notify the UK data protection authority (ICO) or will our lead DPA forward the notification to the ICO as part of an ongoing cooperation?
Our cyber insurance broker is bracing its clients for a tough cyber insurance renewal this year. Is there anything we can do to help make things go more smoothly?
Privacy + Data Security Practice
Morrison Foerster's highly respected global privacy and data security practice group is comprised of more than 60 lawyers in offices in the United States, Europe and Asia.
U.S. State Privacy Laws Resource Center
U.S. State Privacy Laws Resource Center
Your Resources for the CCPA, CPRA, VCDPA, CPA, CTDPA, and UCPA.
Cybersecurity Resource Center
Cybersecurity Resource Center
We work with clients to help them be aware of critical cyber risks and prepare for incidents.
GDPR + European Privacy Resource Center
GDPR + European Privacy Resource Center
Privacy and data protection compliance in Europe is a C-suite level priority for all organizations.
Whistleblowing Resource Center
Whistleblowing Resource Center
Your Resources for the GDPR and the Whistleblowing Directive
Privacy Library
Privacy Library
MoFo’s database of privacy laws and regulations for more than 90 countries around the world.
China Privacy and Data Security
China Privacy and Data Security
Our China Privacy and Data Security team advises clients on a host of issues.