Federal Trade Commission Announces Settlements in Privacy Shield Enforcement Actions

The Federal Trade Commission sent an important message to companies participating in the EU-U.S. Privacy Shield when earlier this year, the agency announced that settlements had been finalized with five companies regarding separate allegations that they had falsely claimed certification under the framework. The EU-U.S. and Swiss-U.S. Privacy Shield frameworks make it possible for companies to transfer personal data lawfully from the EU and Switzerland, respectively, to the U.S. (In compliance with the EU – GDPR – General Data Protection Regulation). The FTC announcement can be found here. In individual actions the FTC had alleged that: DCR Workforce, Inc., Thru, Inc., LotaData, Inc., and 214 Technologies, Inc., each…

READ MORE

The Class-Action Risk Inherent in California’s New Strict Data Privacy Law 

Right on the heels of GDPR’s compliance deadline and hitting a little closer to home, the governor of California has signed AB 375—the California Consumer Privacy Act of 2018. This is a first-of-its-kind law, at least from a US-perspective, that has been called historic in terms of privacy and consumer protections.  Much like GDPR, the comprehensive law gives users more control over their data and places penalties on companies that fail to comply. There is a very unique American aspect to this law however – the private cause of action that is given to California residents. Whereas the “teeth” in the EU-law is the threat of regulatory investigation and…

READ MORE

Preparing for May 25th, 2018: GDPR Compliance Requires More Than Technology Solutions

Whether you are in the IT department or on the legal team, in recent weeks you’ve no doubt received announcements and advertisements offering technology solutions that promise to help you “achieve GDPR readiness.” While these products can help address certain compliance issues, it’s important to understand their limitations – and that GDPR compliance requires more than technology solutions. Before any tool can be useful, GDPR demands a combination of review, risk analysis and thoughtful decision-making on the part of your company. While software solutions can help with discrete tasks – data mapping, controlling and monitoring who has access to data, and managing consent, to name a few –…

READ MORE

Technology for GDPR Compliance Will Cost Top U.S. Firms $1 Million

A new survey conducted by Paul Hastings LLP provides a serious reminder that the cost associated with EU General Data Protection Regulation (GDPR) compliance is staggering, and that to be ready to comply when the regulation goes into effect on May 25, 2018, U.S. companies must act now. U.S. firms in the Fortune 500 will spend an average of $1 million on GDPR compliance technology alone. Currently, only 9 percent of U.S. companies surveyed have purchased new technology and just 34 percent have allocated the appropriate budget to hire the additional staff necessary to meet regulatory demands. The consequences of GDPR violation are immense, with fines of up to $22.4…

READ MORE