Now that we’ve reached 2023, it’s time to reexamine privacy policies to comply with California’s new California Privacy Rights Act. To recap, in 2018, California enacted the California Consumer Privacy Act (CCPA). The CCPA became effective in 2020. Many of our clients changed their privacy policies and programs to comply…
Articles Posted in Information Security
350 Million Reasons to Upgrade Your Privacy and Data Security Practices Before a Corporate Transaction
Is your company considering a transaction to become acquired or to take in additional financing? If so, the time is now to upgrade your privacy and information security practices before you are in serious discussions or receive a term sheet for the transaction. One obvious question is: why now? Aren’t…
California Consumer Privacy Act is Here—What Now?
You may have heard that California has a new privacy law. The California Consumer Privacy Act (CCPA) came into effect on January 1, 2020. It covers large(r) businesses in California. Covered businesses have to give “consumers” four key rights: The right to know their privacy practices regarding how they collect,…
Shareholder Stephen Wu’s Presidential Showcase Program at the American Bar Association Annual Meeting
Shareholder Stephen Wu will be speaking at the American Bar Association Annual Meeting in San Francisco. On August 9 at 2 pm, he will be presenting in a panel Presidential Showcase continuing legal education program entitled “Law Firm Cybersecurity Requirements You Never Dreamed Of: Emerging Threats, Ethical Obligations, and Survival…
Press Interview with SVLG Shareholder Stephen Wu About HIPAA Fine on Electronic Health Record Vendor
On May 23, 2019, shareholder Stephen Wu spoke with Marianne Kolbasuk McGee of Information Security Media Group about a HIPAA enforcement case. The case was brought by the Office for Civil Rights, Department of Health and Human Services. It emphasized the importance of conducting a security program risk assessment…
Connected Car Security Vulnerabilities – Part 1
The Internet of Things connects machines to other machines in a wide variety of fields and industries. In our digital lives, we are connecting devices to our networks at work and at home. In addition to work and home, however, we spend much of our waking time in transit from…
Legal Help for Your ISO 27001 Audit
The ISO 27001 standard[1] is a specification for managing an information security program in an organization. The International Organization for Standardization (ISO) developed and maintains this standard. Worldwide, ISO 27001 has become the most popular standard for managing information security programs, and many organizations have received a certification that their…
GDPR: Long Arm of EU Law in the U.S.
In my first blog post on GDPR, I talked about why some U.S. businesses have an obligation to comply with the European Union’s General Data Protection Regulation (GDPR). This post expands on the territorial scope of GDPR. Which U.S. businesses have to comply with GDPR and which don’t? Starting first…
Six Steps Towards GDPR (and Other Data Protection) Compliance
This is my third blog post on the European Union’s General Data Protection Regulation (GDPR). For basic information about GDPR and why U.S. businesses need to watch out for GDPR, see my first blog post in the series. Or to see what GDPR says about information security requirements, see my…
Information Security Requirements in GDPR
In my last blog post, I talked about compliance with the European Union’s General Data Protection Regulation (GDPR), why U.S. businesses need to worry about GDPR, and some steps businesses can take to prepare for GDPR’s compliance deadline. The previous post contains the basics about GDPR. This post expands on…