Related insights: Privacy and Cybersecurity

Thumbnail

GDPR Update: Top EU Court Strikes Down Validity of EU-US Privacy Shield Framework; Upholds Standard Contractual Clauses

Jul 16 2020
Today, July 16, 2020, the EU’s top court, the Court of Justice of the European Union (CJEU), issued its highly anticipated decision in the Schrems II case. In doing so, CJEU has invalidated the EU-US Privacy Shield Framework and held that its prior decision regarding Standard Contractual Clauses (SCCs) remains valid. Following this decision, US businesses can no longer rely on the EU-US Privacy Shield Framework as a legal mechanism for transferring personal data from the European Economic Area (EEA) to the US. However, companies can still leverage the SCCs in certain instances. The decision highlighted the requirement to for the data exporter to ensure adequate levels of protections are in fact in place prior to transfers.  
Thumbnail

California Screamin’ – Privacy Rollercoaster Becoming Steeper for Businesses

Jun 25 2020
As the CCPA enforcement date of July 1, 2020 approaches next week, California privacy rights were already on the minds of many businesses. However, just as organizations wrap up month and year-long projects to address those costly and onerous requirements, the CCPA may be “old news.” Expanded California privacy rights (together with yet more resource and time-intensive compliance projects for businesses) may be coming---we will have to wait until November to find out. Yesterday, June 24, 2020, the California Secretary of State announced that “CCPA 2.0” or the California Privacy Rights Act of 2020 (“CPRA”) has enough valid signatures and will appear on the November 2020 ballot.
Thumbnail

Federal Court Finds Cybersecurity Forensic Report Not Privileged Under Attorney Work Product Doctrine

Jun 12 2020
The United States District Court for the Eastern District of Virginia has held that a cyber-forensic investigation report was not protected by the attorney work product doctrine and ordered Capital One to produce it in a multidistrict litigation arising out of a 2019 cyber incident. This opinion makes clear that organizations must be careful when hiring cyber forensic companies in anticipation of future litigation. It is critical for organizations to consider when cyber forensic companies should be retained, how they are retained, how they are paid, and how their work will be used and shared both within and outside an organization. If done properly, attorney client privilege and the attorney work product doctrine can be used to shield communications companies from liability in the event of a lawsuit arising from a cybersecurity breach.
Thumbnail

Beth Tyner Jones Discusses Remote Learning Privacy Concerns in Education with Bloomberg Law

Apr 09 2020
Remote learning applications have been a lifeline for schools, colleges and universities during the COVID-19 outbreak, but they may also bring unexpected privacy challenges, according to attorney Beth Tyner Jones, a leader of Womble Bond Dickinson’s Education and School Law Team. Jones recently spoke about these challenge with Bloomberg Law. With regular classes disrupted in virtually every state due to COVID-19 concerns, educators have turned to online video meeting apps to maintain some semblance of a normal school year. But Jones said “There is little time for true diligence or compliance vetting” as schools are scrambling to implement emergency online learning plans.
Thumbnail

HeyDataData Blog Noted as a Thought Leader for IP and Technology Insights

Mar 26 2020
HeyDataData is Womble Bond Dickinson’s blog about technology and society. Authored by a team of firm attorneys, the blog is about how humans, primarily Americans, incorporate technology and innovation into our systems by setting rules, defining boundaries, protecting the innocent, punishing the unjust, and recognizing/organizing entirely heretofore unseen sectors of economic growth.
Thumbnail

HIPAA-Permitted Disclosures on the Frontlines

Mar 26 2020
Over the last several weeks, the Office for Civil Rights within the Department of Health and Human Services, the agency responsible for HIPAA enforcement, issued a number of bulletins, notices, and similar guidance materials to assist HIPAA covered healthcare providers and entities during the COVID-19 public health emergency. The most recent of OCR’s guidance materials was a March 24, 2020 notice reminding those responding to the COVID-19 pandemic that protected health information can be communicated without a patient’s authorization in responding to the pandemic.