Sean Tassi

Sean serves the multifaceted needs of public and private colleges and universities. He provides day-to-day outside general counsel services and represents higher education clients in federal court, state court and arbitration.

Follow:

The Year to Come in U.S. Privacy & Cybersecurity Law (2021)

By David Stauss, Michael Hayes, Sean Tassi, Pete Enko, Marci Kawski, Erik Dullea, Anne Mayette, Lauren Capitini & Shelby Dolen on January 27, 2021

Posted in California Consumer Privacy Act, California Privacy Rights Act, HIPAA, Illinois, Privacy, State privacy legislation

On January 28, 2021, privacy professionals around the world will celebrate Data Privacy Day. This year, we decided to mark the occasion by gathering our team’s thoughts and expectations on what we expect to be the biggest privacy law stories in 2021 and beyond.

Last year we wrote a similar article, attempting to predict how the privacy landscape would unfold in 2020. We got some things right (e.g., the emergence of CCPA 2.0). But, let’s be honest, in March everything changed, including privacy law. As spring turned into summer our writing focused on the privacy law implications of COVID-19, including contact tracing, no contact temperature taking, and the unanticipated collection of heath information, among other unexpected topics. We also took note of developments overseas, including the Court of Justice of the European Union’s Schrems II decision and the emergence of Brazil’s federal privacy law, LGPD.

If there was one takeaway from 2020 from a privacy law perspective it was this – while it is impossible to predict its path, privacy law is rapidly growing and evolving, almost on a daily basis, and in nearly every corner of the world. With that, we turn to our 2021 predictions.Continue Reading The Year to Come in U.S. Privacy & Cybersecurity Law (2021)

The Year to Come in U.S. Privacy & Cybersecurity Law

By David Stauss, Bob Bowman, Erik Dullea, Sean Tassi, Michael Hayes, Grant Leach, Cortney Morgan, Bob Tomaso, Malia Rogers, Ephraim Hintz, Megan Beebe & Anne Mayette on January 8, 2020

Posted in California, California Consumer Privacy Act, Data Breach, Data Security, FTC, Illinois, Internet of Things, Privacy, State privacy legislation, Washington Privacy Act

Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.

2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer Privacy Act (CCPA) was the most significant story, but there also were developments in states such as New York and Nevada. Numerous other states also considered consumer privacy legislation, and federal lawmakers even jumped into the fray, proposing a variety of bills and regulations. Overseas, GDPR garnered the most headlines of course, but other countries, such as Brazil, also made news.

But 2019 was just the start. There is no doubt that privacy and cybersecurity law is undergoing a fundamental change in the United States. If nothing else, the legal landscape of privacy law in the United States promises to look very different by the end of the year.

Below we discuss what we anticipate will be the biggest stories in 2020 and beyond.Continue Reading The Year to Come in U.S. Privacy & Cybersecurity Law

What to Know About ED’s New Stance On Data Breach Reporting

By Sean Tassi on February 20, 2018

Posted in Data Security

It’s no longer optional for colleges and universities to report data breaches to the U.S. Department of Education — yet the agency has not clearly defined its expectations. Here’s what institutions should be aware of.
Continue Reading What to Know About ED’s New Stance On Data Breach Reporting

5 simple rules for FERPA contracting compliance

By Sean Tassi on February 16, 2017

Posted in Data Security, Privacy

dataLocks148650499 Colleges and universities frequently hire third-party vendors to provide services that involve student data—cloud storage, online education delivery, and online grade books to name a few. Although the arrangements are common, they can run afoul of the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 CFR Part 99) (FERPA) and other data privacy best practices. Colleges and universities should contemplate privacy and security issues when contracting with third-party vendors and include language in the service agreement that identifies exactly what information is being shared and protects how the information can be used in the future.
Continue Reading 5 simple rules for FERPA contracting compliance