A MoFo Privacy Minute Series

  • A MoFo Privacy Minute Q&A: Belgian Regulator Further Shapes the Contours on When to Appoint a DPO and Who Can Hold the Position (10 March 2022)

    Q: Do I need to appoint a DPO if I use cookies?
    Q: Does the GDPR require documenting the decision on whether or not to appoint a DPO?
    Q: Are purely advisory leadership roles compatible with the DPO role?

  • A MoFo Privacy Minute Q&A: How to Defend, Detect, Prevent, and Respond to Credential Stuffing (2 February 2022)

    Preventing, detecting, and responding to credential-stuffing attacks has always been a challenge for my company, and every company, since the credentials are not actually stolen from us. Yet our customers are still harmed if the credentials are used to access their accounts with us. What measures can companies use to address credential-stuffing attacks?

  • A MoFo Privacy Minute Q&A: New York City Enacts New Law Regulating the Use of Artificial Intelligence Tools in Employment Decisions (5 January 2022)

    My company has a location in New York City. What are the requirements for employers under New York City’s new law about automated employment decision tools, and what happens if my business fails to meet the requirements?

  • A MoFo Privacy Minute Q&A: 14 December 2021

    During our webinars, our attendees ask us great questions. In this final issue of A MoFo Privacy Minute for the year 2021, we chose three of your questions to answer. Stay tuned for more in 2022!
    Q: Please explain the difference between pseudonymous and de-identified information under the three laws. Can I consolidate the definitions together and apply one protocol for my business?
    Q: What is the difference in scope between the HIPAA and GLBA exceptions under the CPRA, VCDPA, and CPA?
    Q: What must contracts with service providers/processors say about audit rights?

  • A MoFo Privacy Minute Q&A: 11 November 2021

    My company is a financial institution subject to the FTC’s Safeguards Rule under the Gramm-Leach-Bliley Act and we have an information security program that conforms to the Safeguards Rule that has been in effect for almost two decades. What do we need to add to our program to comply with the revised Safeguards Rule, and how much time do we have to add it?

  • A MoFo Privacy Minute Q&A: 13 October 2021

    My company would like to collect COVID-19 vaccination status of its employees and clients. Is this permitted under HIPAA?

  • A MoFo Privacy Minute Q&A: 21 September 2021

    Can a company require proof of a COVID-19 vaccination to visit work sites and/or venues in the EU or the UK?

  • A MoFo Privacy Minute Q&A: 9 September 2021

    I think of cookie consent requirements as being driven by European law, specifically the EU ePrivacy Directive. But I recently heard that Russia also has a cookie consent requirement. Is this really the case? If so, do the requirements apply to a business that is not a Russian company?

  • A MoFo Privacy Minute Q&A: 5 August 2021

    I heard that the Russian data protection authority (Roskomnadzor) has sent out thousands of inquiries to businesses (including businesses outside Russia) asking them to confirm, within 30 days, that they store personal information of Russian citizens in Russia in compliance with Russia’s data localization law.

    My company received the letter. What do I need to know?

    My company is registered with the Russian tax authority, but we did not receive such an inquiry. Should I be concerned?

  • A MoFo Privacy Minute Q&A: 24 June 2021

    Who is Lina Khan, and what is the likely impact of her appointment as chair of the Federal Trade Commission?

  • A MoFo Privacy Minute Q&A: 1 June 2021

    Do breach notification laws require me to notify regulators or individuals when my business inadvertently sends an email to the wrong person that contains a small amount of personal information about another person?

  • A MoFo Privacy Minute Q&A: 18 May 2021

    The new California Privacy Rights Act (CPRA) and Virginia Consumer Data Protection Act (VCDPA) will be operative on January 1, 2023. That seems like a lot of time to prepare, and the CPRA regulations are not out yet. When should I begin, and how can I phase out the work over 2021 and 2022?

  • A MoFo Privacy Minute Q&A: 4 May 2021

    We recently notified our lead data protection authority in the EU of a data breach we suffered. Do we need to also notify the UK data protection authority (ICO) or will our lead DPA forward the notification to the ICO as part of an ongoing cooperation?

  • A MoFo Privacy Minute Q&A: 14 April 2021

    Our cyber insurance broker is bracing its clients for a tough cyber insurance renewal this year. Is there anything we can do to help make things go more smoothly?
