Related insights: Privacy and Cybersecurity


GDPR Update: Top EU Court Strikes Down Validity of EU-US Privacy Shield Framework; Upholds Standard Contractual Clauses

Jul 16 2020
Today, July 16, 2020, the EU’s top court, the Court of Justice of the European Union (CJEU), issued its highly anticipated decision in the Schrems II case. In doing so, CJEU has invalidated the EU-US Privacy Shield Framework and held that its prior decision regarding Standard Contractual Clauses (SCCs) remains valid. Following this decision, US businesses can no longer rely on the EU-US Privacy Shield Framework as a legal mechanism for transferring personal data from the European Economic Area (EEA) to the US. However, companies can still leverage the SCCs in certain instances. The decision highlighted the requirement to for the data exporter to ensure adequate levels of protections are in fact in place prior to transfers.  

California Screamin’ – Privacy Rollercoaster Becoming Steeper for Businesses

Jun 25 2020
As the CCPA enforcement date of July 1, 2020 approaches next week, California privacy rights were already on the minds of many businesses. However, just as organizations wrap up month and year-long projects to address those costly and onerous requirements, the CCPA may be “old news.” Expanded California privacy rights (together with yet more resource and time-intensive compliance projects for businesses) may be coming---we will have to wait until November to find out. Yesterday, June 24, 2020, the California Secretary of State announced that “CCPA 2.0” or the California Privacy Rights Act of 2020 (“CPRA”) has enough valid signatures and will appear on the November 2020 ballot.

Federal Court Finds Cybersecurity Forensic Report Not Privileged Under Attorney Work Product Doctrine

Jun 12 2020
The United States District Court for the Eastern District of Virginia has held that a cyber-forensic investigation report was not protected by the attorney work product doctrine and ordered Capital One to produce it in a multidistrict litigation arising out of a 2019 cyber incident. This opinion makes clear that organizations must be careful when hiring cyber forensic companies in anticipation of future litigation. It is critical for organizations to consider when cyber forensic companies should be retained, how they are retained, how they are paid, and how their work will be used and shared both within and outside an organization. If done properly, attorney client privilege and the attorney work product doctrine can be used to shield communications companies from liability in the event of a lawsuit arising from a cybersecurity breach.

Beth Tyner Jones Discusses Remote Learning Privacy Concerns in Education with Bloomberg Law

Apr 09 2020
Remote learning applications have been a lifeline for schools, colleges and universities during the COVID-19 outbreak, but they may also bring unexpected privacy challenges, according to attorney Beth Tyner Jones, a leader of Womble Bond Dickinson’s Education and School Law Team. Jones recently spoke about these challenge with Bloomberg Law. With regular classes disrupted in virtually every state due to COVID-19 concerns, educators have turned to online video meeting apps to maintain some semblance of a normal school year. But Jones said “There is little time for true diligence or compliance vetting” as schools are scrambling to implement emergency online learning plans.

HeyDataData Blog Noted as a Thought Leader for IP and Technology Insights

Mar 26 2020
HeyDataData is Womble Bond Dickinson’s blog about technology and society. Authored by a team of firm attorneys, the blog is about how humans, primarily Americans, incorporate technology and innovation into our systems by setting rules, defining boundaries, protecting the innocent, punishing the unjust, and recognizing/organizing entirely heretofore unseen sectors of economic growth.