Carissa has extensive experience developing, implementing, and maintaining customized data privacy compliance programs for companies of all sizes, as well as improving and refining existing programs.

Key Point: The FCC revised its breach notification rules for telecommunication providers to broaden the instances when notifications are required, but even with limited exceptions to the new requirements, the final rule further complicates the existing maze of federal reporting requirements.Continue Reading The Federal Communications Commission Updates its 2007 Breach Disclosure Regulations

Key Point: The European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework, which allows certain businesses to transfer data from the EU to the U.S. without the need for additional transfer mechanisms. 

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“Privacy Framework”). This decision declared that United States companies that self-certify under the Privacy Framework will be deemed to provide an adequate level of data protection, which removes the requirement for those companies to implement additional safeguards when transferring data from the EU to the U.S. These safeguard requirements have been standard for decades but have been most recently required under the General Data Protection Regulation (“GDPR”).Continue Reading Adoption of EU/U.S. Data Privacy Framework

Keypoint: Enforcement by the California Privacy Protection Agency of the new CCPA regulations will be delayed until March 2024, but the Agency can still enforce the CCPA statutory changes as of July 1, 2023.

As first reported by Amy Miller at mlex, on June 30, 2023, Judge Arguelles of the Superior Court of California entered an Order granting, in part, the California Chamber of Commerce’s Petition for Writ of Mandate and Compliant for Declaratory and Injunctive Relief. In so doing, the Court held that enforcement of any final regulation published by the California Privacy Protection Agency must be stayed for a period of 12 months from the date that regulation becomes final. This means the Agency cannot enforce the new California Consumer Privacy Act (CCPA) regulations finalized on March 29, 2023, until March 29, 2024. Importantly, the ruling does not prohibit the Agency or the Attorney General’s Office from enforcing the statutory changes to the CCPA that went into effect on January 1, 2023.Continue Reading Enforcement of New CCPA Regulations Delayed By Court Ruling

Keypoint: The AI Act is the first legislation of its kind and is expected to have a significant impact on companies globally.

The European Parliament recently voted in favor of the Artificial Intelligence Act (“AI Act”) with overwhelming majority. Once finalized, the AI Act will have widespread impact for entities using artificial intelligence (“AI”) in their business operations. Similar to the European Union’s (“EU”) General Data Protection Regulation, the AI Act will apply extraterritorially to providers placing on the market or putting into service AI systems in the EU, irrespective of whether those providers are established in the EU or in a third country.

The AI Act is dense and expansive. For entities looking for an introduction to the topic, below we provide a brief overview of the current legislation, as well as what you can expect procedurally as the AI Act progresses toward final passage.Continue Reading An Introduction to the EU AI Act