Image of gears directing arrows to shield.

California Consumer Privacy Act vs GDPR – How to Maximize Your Privacy Compliance Program

California’s recent passage of the Consumer Privacy Act of 2018 now places the world’s fifth-largest economy under European style data protection rules. Given the new law, US businesses that were previously hesitant to implement GDPR are now reconsidering their position.

Luckily, the GDPR and the California Consumer Privacy Act (CCPA or CaCPA) share some similarities. Both provide for consumer-facing privacy notices, data access rights, and data portability. As businesses automate their GDPR compliance processes, they should also leverage those same processes under the CaCPA to save significant time and expense.

Below, we have listed five common operational steps that all businesses should take in their GDPR and CaCPA privacy compliance programs:
Continue Reading California Consumer Privacy Act vs GDPR – How to Maximize Your Privacy Compliance Program

Image of man preaching

EU Court Finds GDPR Applies to Religious Preaching

On July 10, 2018 the Court of Justice of the European Union (CJEU) published an opinion finding that the General Data Protection Regulation (“GDPR”) applied to the collection of personal data during “door-to-door” preaching by the Jehovah’s Witnesses religious community. This data included the name and addresses of individuals contacted, and in certain cases, the individuals’ religious beliefs and family circumstances. Members of the Jehovah’s Witnesses community used this data to coordinate preaching efforts across territories and to maintain lists of individuals who did not wish to be visited.

The judgment in this case (CJEU C-25/17) highlights the broad scope of the GDPR in several ways. First, it shows the limitation of the “personal or household” exception to the GDPR. Continue Reading EU Court Finds GDPR Applies to Religious Preaching

Decorative image for Gen Why Podcast

Keeping up with Privacy Laws: Lily Li on The Gen Why Lawyer Podcast

On July 2, 2018 attorney Lily Li appeared as a guest star on The Gen Why Lawyer Podcast. During the half-hour segment, Ms. Li discussed starting her own dedicated privacy practice, the recent enactment of the General Data Protection Regulation, and growing developments in state privacy regulation.

Listeners may tune into this broadcast on ITunes, Stitcher, and The Gen Why Lawyer website at the links below:

 

***
The Gen Why Lawyer is a weekly podcast hosted by California Patent Attorney and Millennial, Karima Gulick. Join Karima each week as she chats with some of the greatest innovators and leaders in the legal profession. Listen in to hear their inspiring stories and learn from their insight on how to build a meaningful life and fulfilling career. For more information, check out their website.

KUCI local radio logo

Metaverse Law Discusses GDPR and State Privacy Laws on KUCI 88.9 FM Privacy Piracy Radio

On Monday, June 25 at 8 A.M. Pacific, attorney Lily Li appeared as a guest star on KUCI 88.9 FM’s Privacy Piracy radio show. During the half-hour segment, Ms. Li discussed the impact of the recent General Data Protection Regulation, growing developments in state privacy regulation, and the California Consumer Privacy Act.

To listen to this broadcast, please click on the MP3 below.

KUCI 88.9 FM is a commercial free radio station, based out of the University of California – Irvine. For more information, see http://kuci.org/

Privacy Piracy is a half-hour public affairs radio show broadcasting on KUCI 88.9 FM. The show is co-hosted by attorney and privacy consultant Mari Frank and production engineer Lloyd Boshaw. For more information, see http://privacypiracy.org/

American Privacy Laws in a Global Context: Predictions for 2018

Should putative class members have privacy rights in class action claims under the CCPA?
Image Credit: kmicican from pixabay.com

[Originally published as the May 2018 Cover Story: Data Privacy and the Law – American Privacy Laws in a Global Context: Predictions for 2018, by Lily Li, in Orange County Lawyer Magazine, May 2018, Vol. 60 No.5.]

Cybersecurity Attacks Are Inevitable

Cybersecurity attacks are on the rise. According to the non-profit organization, Identity Theft Resource Center, there were over 1,579 publicly reported data breaches in 2017, compared to 1,091 in 2016, and 780 in 2015. Not only are these cyberattacks happening at high-profile companies like Equifax, Uber, and Yahoo, they are increasingly happening to businesses of all sizes. Any entity able to pay a ransom is now a potential target.

Law firms are no exception. In 2017, DLA Piper was hit with a “wiper-ware” attack, following previous email hacks of Cravath and Weil Gotshal in 2016. Earlier this year, UK-based cybersecurity firm, RepKnight, reported that almost 800,000 UK law firm email addresses and affiliated passwords were available on the dark web, with over 50% of these credentials posted in the last six months. These law firms did not just include local UK firms, but global law firms with a UK presence.

Given these alarming statistics, what should legislators do?

In the EU, Canada, and China, legislators have decided to develop and implement national data privacy and cybersecurity frameworks: GDPR, PIPEDA, and CSL respectively. The United States, by contrast, still relies upon a patchwork of sectoral laws and inconsistent state rules. This article will take a brief look at developments in the EU, Canada, and China, discuss the current United States privacy framework, and predict likely developments in U.S. privacy law over the next year.Continue Reading American Privacy Laws in a Global Context: Predictions for 2018

1 2 3