Data Privacy Alert: California Consumer Privacy Act of 2018 Just Enacted
|
|
- Warren Hodge
- 5 years ago
- Views:
Transcription
1 2018 Data Privacy Alert: California Consumer Privacy Act of 2018 Just Enacted After only a few days of legislative debate, Governor Jerry Brown of California signed a bill enacting the California Consumer Privacy Act of 2018 (the CCPA ) on June 28, The CCPA is a comprehensive new data privacy law that will impact businesses around the world that obtain, use, store or otherwise process the personal information of California residents (including California residents who are temporarily located in other places). The CCPA was enacted very quickly, to forestall a proposed November 2018 statewide ballot initiative that would have imposed even more restrictions on businesses. The CCPA represents a rough compromise between the government and the proponents of the ballot initiative. Shortly after Governor Brown signed the bill, the ballot initiative s proponents agreed to withdraw that initiative. The purpose of the CCPA is to give California residents an effective way to control their personal information, by ensuring the following rights: The right to know what personal information is being collected about them. The right to know whether their personal information is sold or disclosed and to whom. The CCPA will become effective on January 1, Because the law was drafted so hastily in light of the pending proposed ballot initiative, many of its provisions are confusing, and may conflict with other California laws. Accordingly, one should not be surprised if the law is amended sometime before its effective date. Moreover, this law may be subject to future challenges in court. As a general matter, the requirements under the new law are similar to those of the European Union s General Data Protection Regulation ( GDPR ), which came into force on May 25, Howeverthe CCPA as currently drafted is even more severe than the GDPR in many respects. Thus, even businesses that are currently GDPR-compliant will need to take additional steps by January 1, 2020 to become compliant with the CCPA. Unfortunately for businesses that are not GDPR-compliant, or that are not subject to the GDPR, they will have even more work to do before I. Whose Personal Information is Protected Under the California Consumer Privacy Act? The CCPA is designed to protect California residents, who are generally defined as: Individuals who are in California for other than a temporary or transitory purpose, and The right to say no to the sale of personal The right to access their personal The right to the same service and the same price, even if they exercise their privacy rights. Individuals who are domiciled in California but who are physically outside the state for a temporary or transitory purpose. (This means that the CCPA will protect the personal information of California residents, even if they are not physically in California at the time the personal information is processed.)
2 II. What Types of Personal Information Will Be Protected? The CCPA defines the term Personal Information as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The term Personal information is defined very broadly and includes (but is not limited to): The real name, alias, postal address, unique personal identifier, online identifier Internet Protocol (IP) address, address, account name, Social Security Number, driver s license number, passport number, or other similar identifiers. Characteristics of protected classifications under California or federal law. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Biometric psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. Personal information does not include publicly available information, which is any information that is lawfully made available from government records. Notably, however, many types information that one might expect to be considered publicly available are not within the scope of the term publicly available under the CCPA. For example, the CCPA specifies that information is not considered publicly available if it is used for a purpose that is not compatible with the purpose for which it is maintained and made available in the government records. Moreover, publicly available does not include consumer information that is de-identified or aggregate consumer III. What Types of Businesses Will Be Subject to This Law? The CCPA applies to for-profit entities that do business in California (including any samebranded parent or subsidiary company) that meet any one of the following three criteria: Has gross revenues of more than $25 million; Internet or other electronic network activity information, including browsing history, search history, and information regarding a consumer s interaction with a website, application, or advertisement. Geolocation data. Receives or shares personal information for more than 50,000 consumers, households or devices; or Receives more than 50 percent of its annual revenue from the sale of personal Audio, electronic, visual, thermal, olfactory or similar Professional or employment-related Education information that is not publicly available. Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer s preferences, characteristics, A company that lacks a physical presence in California might not be subject to this law, so long as it is not doing business in the State of California. However, the concept of doing business in California is interpreted very broadly. Accordingly, businesses that may think they are not subject to this law may find that they indeed will be ensnared. 2
3 IV. What Rights and Obligations Do the CCPA Impose? The CCPA provides the following rights to California residents and imposes obligations on businesses that process California residents personal information: Up to two times in any 12-month period, California residents may request that businesses disclose the categories and specific pieces of personal information that they collect, the types of sources from which the businesses collect the personal information, the business purposes for collecting or selling the personal information, and the types of third parties with which the information is shared. businesses will not be able to charge the consumer who opts out a different price or providing the consumer a different quality of goods or services (except if the difference is reasonably related to the value provided by the consumer s data). Businesses will be prohibited from selling the personal information of a child, unless they obtain an opt-in from an appropriate party. Children between the ages of 13 and 16 can opt in for themselves. For children under the age of 13, businesses must obtain an opt-in from a parent or guardian. (Note that the online collection of data of children under the age of 13 remains subject to the federal Children s Online Privacy Protection Act.) California residents will have the right to request deletion of personal information, with certain exceptions. Businesses will be required to delete such information upon receipt of a verified request, as specified. California residents will have the right to request that a business that sells the consumer s personal information, or discloses it for a business purpose, disclose the categories of information that it collects and the identity of third parties to which the information was sold or disclosed. Businesses will be required to provide this information in response to a verifiable consumer request. California residents will have the ability to opt out of the sale of personal information by a business. Businesses must make available, in a form reasonably accessible to consumers, a clear and conspicuous link to the homepage, titled Do Not Sell My Personal Information. The business must wait at least 12 months before requesting to sell the personal information of any California resident who has opted out. Businesses will be prohibited from discriminating against the consumer for exercising their right to opt out of the sale of their personal For example, V. How Does the CCPA Differ From the GDPR? The CCPA: Defines personal information more broadly than the term personal data is defined under the GDPR. Requires the use of disclosures, communication channels and other measures that are not required under the GDPR. Establishes broad rights for California residents to direct the deletion of their personal information (a.k.a., the right to be forgotten ), with different exceptions than those available under GDPR. Establishes broader rights to access personal information than the GDPR offers. Requires businesses not to discriminate against a consumer because he or she exercised any rights under the law. Imposes more rigid restrictions on data sharing for commercial purposes than the GDPR does. 3
4 VI. What Steps Should Businesses Consider Taking? The CCPA may be revised before its January 1, 2020 effective date, and the law may still be challenged in court. Nevertheless, because eighteen months come and go quickly when there is much work to do, businesses should consider taking several actions in the near future to prepare for the CCPA. Such steps may include: Determining and mapping where the business maintains the personal information of California residents, households and devices. Establishing a mechanism for California residents to make requests as to their personal information, including a toll-free telephone number. Implementing appropriate technological and organizational systems to comply with the law s new requirements. Updating privacy policies to explain California residents rights under the CCPA. Implementing processes to obtain the appropriate affirmative consent with respect to sharing of children s personal VII. What Are the Potential Penalties For Non- Compliance? Businesses may face penalties of up to $7,500 for each intentional violation of any provision of the CCPA. Additionally, businesses that suffer a data breach may be obligated to pay damages of not less than $100 to $750 per California resident and incident. If you have any questions about this article, please contact Michael J. Riela at riela@thsh.com or your usual contact at Tannenbaum Helpern. About Tannenbaum Helpern s Cybersecurity and Data Privacy Practice Tannenbaum Helpern s Cybersecurity and Data Privacy Practice regularly advises investment advisers and other types of clients in managing and responding to the ever-evolving data privacy and cybersecurity landscape. We provide the following types of services: 1. Prevention: Helping clients develop proactive procedures and policies designed to mitigate their risk of data security breaches, and to help them be prepared to deal with security breaches efficiently when they inevitably do occur; 2. Compliance: Helping clients comply with applicable privacy and security laws and regulations, including the California Consumer Privacy Act of 2018 (CCPA) and the European Union s General Data Protection Regulation (GDPR); 3. Risk Reduction: Negotiating contractual protections with vendors and contractors who have access to clients and their customers information, conducting employee training to recognize and avoid security threats, and directing clients in how to obtain appropriate cybersecurity insurance protection; 4. Response: Responding to data breach incidents when they occur, including implementing breach response and notification plans as required by applicable law, and liaising with law enforcement and other immediate responders such as insurance companies, forensic experts, technical consultants, and public relations professionals; and 5. Dispute Resolution: Defending clients in connection with any disputes and legal claims that arise from cyber breaches. The effective management of cyber risk often requires input from insurance professionals, information technology experts, forensics 4
5 experts, public relations experts and others. Our Cybersecurity and Data Privacy Practice can connect you with qualified professionals in these fields. About Tannenbaum Helpern Syracuse & Hirschtritt LLP Since 1978, Tannenbaum Helpern Syracuse & Hirschtritt LLP has combined a powerful mix of insight, creativity, industry knowledge, senior talent and transaction proficiency to successfully guide clients through periods of challenge and opportunity. Our mission is to deliver the highest quality legal services in a practical and efficient manner, bringing to bear the judgment, common sense and expertise of well trained, business minded lawyers. Through our commitment to service and successful results, Tannenbaum Helpern continues to earn the loyalty of our clients and a reputation for excellence. For more information, visit Follow us on LinkedIn and 5
What U.S.- Based Investment Advisers Should Know
BulletPoint June 2018 What U.S.- Based Investment Advisers Should Know The European Union s ( EU ) General Data Protection Regulation (the GDPR ) became effective on May 25, 2018, and provides individuals
More informationCalifornia s Groundbreaking Privacy Law: The New Front Line in the U.S. Privacy Debate
California s Groundbreaking Privacy Law: The New Front Line in the U.S. Privacy Debate July 13, 2018 On the heels of the European Union s implementation of the General Data Protection Regulation ( GDPR
More informationThe California Consumer Privacy Act: Overview and Comparison to the EU GDPR
The California Consumer Privacy Act: Overview and Comparison to the EU GDPR Introduction During the months preceding the European Union s General Data Protection Regulation (GDPR) go-live, which occurred
More informationCCPA and GDPR Comparison Chart
Resource ID: w-016-7418 LAURA JEHL AND ALAN FRIEL, BAKERHOSTETLER LLP, WITH PRACTICAL LAW DATA PRIVACY ADVISOR Search the Resource ID numbers in blue on Westlaw for more. A Chart comparing some of the
More informationGlobalNote October 2012
GlobalNote October 2012 Selected Exemption Provisions in the US Affecting Non-US Investment Advisers This memorandum addresses regulatory matters in the United States that most affect non-us investment
More informationCalifornia s Consumer Privacy Act Vs. GDPR
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com California s Consumer Privacy Act Vs. GDPR
More informationAre You Prepared for the California Consumer Privacy Act?
Are You Prepared for the California Consumer Privacy Act? Jeffrey M. Goldman Pepper Hamilton LLP Sharon R. Klein Pepper Hamilton LLP Alex Nisenbaum Pepper Hamilton LLP September 7, 2018 Jeffrey M. Goldman
More informationCalifornia Consumer Privacy Act: What you need to know now. July 24, 2018
California Consumer Privacy Act: What you need to know now July 24, 2018 Introductions Mark Brennan Partner, Washington, D.C. Mark Brennan leads an integrated technology practice that spans privacy, communications,
More informationOverview of the New California Consumer Privacy Law
Overview of the New California Consumer Privacy Law In late June, California enacted Assembly Bill 375 (AB 375) as the California Consumer Privacy Act of 2018 (CCPA), a privacy law, unprecedented in the
More informationTHE IMPACT OF THE CALIFORNIA CONSUMER PRIVACY ACT
THE IMPACT OF THE CALIFORNIA CONSUMER PRIVACY ACT WHO IS INTRAEDGE? PROVIDING TECH SOLUTIONS FOR DATA PROTECTION IS HEATING UP Source: https://www.dlapiperdataprotection.com/ WHAT IS THE CCPA? California
More informationThe California Consumer Privacy Act of 2018
The California Consumer Privacy Act of 2018 Kevin Gould SVP & Director State Government Relations California Bankers Association Nancy Thomas Partner Morrison & Foerster LLP The California Consumer Privacy
More informationGDPR CCPA LGPD. Protected information
Stricter data protection laws are on the rise. While only a couple of years ago, data protection legislations and requirements were frequently marginalized and the position of the data protection officer
More informationPreparing for California's New Privacy Law Will Make for a Busy 2019 for Legal, IT and Info Governance Departments
Preparing for California's New Privacy Law Will Make for a Busy 2019 for Legal, IT and Info Governance Departments Overview of the CCPA BY Alan Friel BakerHostetler California has enacted, effective Jan.
More informationEven If You Are a U.S. Company, Don t Ignore the GDPR: Complying with the EU s New Data Privacy Law
Even If You Are a U.S. Company, Don t Ignore the GDPR: Complying with the EU s New Data Privacy Law On May 25, 2018, the European Union (EU)'s General Data Protection Regulation (GDPR) comes into force,
More informationHIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier. March 22, 2018
1 HIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier March 22, 2018 2 Today s Panel: Kimberly Holmes - Moderator - Vice President, Health Care, Cyber Liability & Emerging Risks, TDC Specialty Underwriters,
More informationMEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
1801 California Street Suite 4900 Denver, CO 80202 303-830-1776 Facsimile 303-894-9239 MEMORANDUM To: Adam Finkel, Assistant Director, Government Relations, NCRA From: Mel Gates Date: December 23, 2013
More informationH 7111 S T A T E O F R H O D E I S L A N D
LC00 01 -- H 1 S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 01 A N A C T RELATING TO COMMERCIAL LAW--GENERAL REGULATORY PROVISIONS -- RHODE ISLAND RIGHT-TO-KNOW DATA TRANSPARENCY
More informationNew legislation brings changes to how data is handled
New legislation brings changes to how data is handled April 2018 Lockton Companies New European Union (EU) data protection rules may require changes to how businesses handle personal data even if the businesses
More informationCalifornia Consumer Privacy Act of 2018
New Statute Introduces Privacy Protections for California Consumers and Subjects Businesses to Potential Liability SUMMARY On June 28, 2018, California enacted the California Consumer Privacy Act (the
More informationThe GDPR Possible Impact on the Life Sciences and Healthcare Sectors
February 14, 2017 The GDPR Possible Impact on the Life Sciences and Healthcare Sectors Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, (the GDPR ) came into force
More informationConsumer Federation of America Best Practices for Identity Theft Services. March 10, 2011
Consumer Federation of America Best Practices for Identity Theft Services March 10, 2011 Consumer Federation of America Best Practices for Identity Theft Services Table of Contents Introduction 3 About
More informationDetermining Whether You Are a Business Associate
The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information
More informationMan and Machine - Data Protection Policy
Man and Machine - Data Protection Policy 1. Introduction This Policy sets out the obligations of Man and Machine Ltd, whose registered office is at Unit 8 Thame 40, Jane Morbey Road, Thame, Oxfordshire,
More informationH 7789 S T A T E O F R H O D E I S L A N D
======== LC001 ======== 01 -- H S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 01 A N A C T RELATING TO INSURANCE - INSURANCE DATA SECURITY ACT Introduced By: Representatives
More informationJOSTENS EUROPEAN PRIVACY POLICY
This website uses different types of cookies to enable, improve and monitor the use of our website. For more information see our cookie policy. By clicking accept or continuing to browse on our website,
More informationCreating a Big Data Strategy: Managing Risk and Enabling Innovation
Creating a Big Data Strategy: Managing Risk and Enabling Innovation Meghan Farmer and Brooke McGuffey 2016 Kilpatrick Townsend What is Big Data? Traditional definition: high-volume, high-velocity and/
More informationDATA PROCESSING TERMS DEFINITIONS
DATA PROCESSING TERMS DEFINITIONS Agency: means KTS Events Limited (company registration number 05289039) and any business entity from time to time controlling, controlled by, or under common control or
More informationDesigning Privacy Policies and Identifying Privacy Risks for Financial Institutions. June 2016
Designing Privacy Policies and Identifying Privacy Risks for Financial Institutions June 2016 Program Overview Regulatory Environment Who Needs a Privacy Program and Common Questions Components of a Comprehensive
More informationDATA PROTECTION NOTICE
DATA PROTECTION NOTICE WSB Property Consultants LLP offer a comprehensive range of property services to its investor, developer, occupier and public sector clients, at every stage of the real estate lifecycle:
More informationThe General Data Protection Regulation s Impact on M&A
The General Data Protection Regulation s Impact on M&A PRACTICAL ADVICE ON HOW TO CONTINUE A SMOOTH M&A PROCESS Presented by Avi Gesser, Davis Polk partner, Litigation/Cybersecurity Pritesh P. Shah, Davis
More informationCyber Insurance 2017:
Cyber Insurance 2017: Ensuring Your Coverage is Sound Thursday, March 23, 2017 Attorney Advertising Prior results do not guarantee a similar outcome 777 East Wisconsin Avenue, Milwaukee, WI 53202 414.271.2400
More informationNEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES PROPOSED 23 NYCRR 500 CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES
NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES PROPOSED 23 NYCRR 500 CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES I, Maria T. Vullo, Superintendent of Financial Services, pursuant to the
More informationH 6087 S T A T E O F R H O D E I S L A N D
LC00 0 -- H 0 S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 0 A N A C T RELATING TO COMMERCIAL LAW--GENERAL REGULATORY PROVISIONS -- RIGHT- TO-KNOW ACT Introduced By: Representatives
More informationHIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES
SALISH BHO HIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES Policy Name: BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date:
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY OVERVIEW KEY DETAILS Policy prepared by: Roger Dunn Approved by Board/committee on: 23/05/2018 Next review date: 20/05/2020 INTRODUCTION In order to operate, Lancaster and District
More informationCyberMatics SM FAQs. General Questions
CyberMatics SM FAQs General Questions What is CyberMatics? Like telematics for auto insurance, CyberMatics is a technology-driven process to help clients understand their current cyber risk as seen by
More informationDATA PROTECTION POLICY. AtonLine Limited
20 Kyriakou Matsi Avenue, 4 th Floor CY-1082 Nicosia Cyprus Tel: +357 22 68 00 15 Fax: +357 22 68 00 16 Web: www.atonint.com DATA PROTECTION POLICY AtonLine Limited 2018 This Data Protection Policy is
More informationSummary Comparison of Current Senate Data Security and Breach Notification Bills
Data Security reasonable Standards measures Specific Data Security Requirements Personal Information Definition None (a) First name or (b) first initial and last name, in combination with one of the following
More informationLGIM Liquidity Funds plc Privacy Policy
LGIM Liquidity Funds plc Privacy Policy Protecting your personal information is extremely important to LGIM Liquidity Funds plc (the Fund ) and its management company, LGIM Managers (Europe) Limited (the
More informationBeyond the General Data Protection Regulation (GDPR)
Beyond the General Data Protection Regulation (GDPR) Data residency insights in private healthcare from around the world Learn More To read the full report, please visit us at www.mcafee.com/beyondgdpr
More informationDATA PROTECTION NOTICE. The protection of your personal data is important to the BNP Paribas Group 1.
DATA PROTECTION NOTICE The protection of your personal data is important to the BNP Paribas Group 1. This Data Protection Notice provides you with detailed information relating to the protection of your
More informationHIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES
HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment
More informationAll Sorts UK Limited Data Protection Policy 17 th May 2018
All Sorts UK Limited Data Protection Policy 17 th May 2018 1. Introduction This Policy sets out the obligations of All Sorts UK Limited, a company registered in England under number 03534972, whose registered
More informationCybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do
ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction
More informationWEBSITE TERMS OF USE
Last Modified: November 7, 2017 WEBSITE TERMS OF USE Welcome to www.westsidememberlogin.com (this Website ), a website created by Michael L. Johnson, LLC, a California limited liability company ( Company,
More informationRAMS Privacy Policy. When you trust us with your personal information, you expect us to protect it and keep it safe.
When you trust us with your personal information, you expect us to protect it and keep it safe. We are bound by the Privacy Act 1988 (Cth) ( Privacy Act ) and will protect your personal information in
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationGDPR Essentials. To Meet the May 25th Deadline. FIA Webinar March 1, 2018
GDPR Essentials To Meet the May 25th Deadline FIA Webinar March 1, 2018 3/1/2018 1 Administrative Items The webinar will be recorded and posted to the FIA website following the conclusion of the live webinar.
More informationPrivacy vs Data Protection: The Impact of EU Data Protection Legislation
Privacy vs Data Protection: The Impact of EU Data Protection Legislation Thomas Rivera / Hitachi Data Systems Original Author: SNIA Security TWG SNIA Legal Notice The material contained in this tutorial
More informationUNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP
UNDERSTANDING HIPAA & THE HITECH ACT Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP 1 Objectives of Presentation Learn what HIPAA is Learn the purpose of HIPAA Understand who HIPAA regulates
More informationPension Trustees. Final Countdown to the GDPR
Pension Trustees Final Countdown to the GDPR Introduction The General Data Protection Regulation (GDPR) will come into force in all EU Member States in May 2018. It is not a radical departure from the
More informationCyber, Data Risk and Media Insurance Application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationH E A L T H C A R E L A W U P D A T E
L O U I S V I L L E. K Y S E P T E M B E R 2 0 0 9 H E A L T H C A R E L A W U P D A T E L E X I N G T O N. K Y B O W L I N G G R E E N. K Y N E W A L B A N Y. I N N A S H V I L L E. T N M E M P H I S.
More informationSurprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their
When It Comes to Data Breaches, Why Are Corporations Largely Uninsured? Under Attack and Unprepared: Argo Group Cyber Insurance Survey 2017 Surprisingly, only 40 percent of small and medium-sized enterprises
More informationGeorgia Power Valdosta Federal credit union Privacy Policy
Georgia Power Valdosta Federal credit union Privacy Policy Review/Revision Date: October 20,2016 Approval Date: February 26, 2001 Approved by: Board of Directors General Policy Statement: The Georgia Power
More informationData Protection Privacy Notice for people not directly involved in the accident
Data Protection Privacy Notice for people not directly involved in the accident Purpose of this Privacy Notice MIB (or we ) respects your privacy and is committed to protecting your personal data. This
More informationEMPLOYEE PRIVACY STATEMENT
EMPLOYEE PRIVACY STATEMENT 1 INTRODUCTION This is SBM Offshore s Privacy Statement for employee data. This Privacy Statement provides information on the processing of personal data of the employees of
More informationDATA PROTECTION NOTICE
DATA PROTECTION NOTICE The protection of your personal data is important to the BNP Paribas Group, which has adopted strong principles in that respect for the entire Group. The BNP Paribas Group is made
More informationGuidance: The new EU General Data Protection Regulation: Implications for Australia
Guidance: The new EU General Data Protection Regulation: Implications for Australia Introduction After years of negotiations, the new EU General Data Protection Regulation (GDPR) was passed in 2016, bringing
More informationLimited Data Set Data Use Agreement For Research
Limited Data Set Data Use Agreement For Research This Data Use Agreement is dated,, and is between the ( Recipient ) and University of Miami, ( Covered Entity ). This Data Use Agreement is made in accordance
More informationCHARITY & NFP LAW BULLETIN NO. 419
CHARITY & NFP LAW BULLETIN NO. 419 APRIL 25, 2018 EDITOR: TERRANCE S. CARTER IMPLICATIONS OF THE EU S GENERAL DATA PROTECTION REGULATION IN CANADA By Esther Shainblum & Sepal Bonni * A. INTRODUCTION The
More informationUnderstanding the Regulatory Regime Governing the Use of Social Media by Hedge Fund Managers and Broker-Dealers
hedge LAW REPORT fund law and regulation Social Media Understanding the Regulatory Regime Governing the Use of Social Media by Managers and Broker-Dealers By Ricardo W. Davidovich and Karina Bjelland Social
More informationHealthcare Industry Key Issues kkk
Healthcare Industry Key Issues Q1 2018 Federal Healthcare Policy Tax Reform and Appropriations Bills Last year proved to be a case study in confusion for the often-maligned Affordable Care Act (ACA). After
More information(c) "Subject" means the commercial enterprise about which a commercial credit report has been compiled.
CALIFORNIA CIVIL CODE SECTION 1785.41 1785.44 1785.41. Consumer credit reporting is subject to the regulations of the Consumer Credit Reporting Agencies Act. Commercial credit reports, which differ significantly,
More informationCYBER INSURANCE. Tel No: E Riley Road, Riley Road Office Park, Bedfordview, Gauteng, 2008
CYBER INSURANCE CONTACT Tel No: 011 455 5105 www.cib.co.za ADDRESS 15E Riley Road, Riley Road Office Park, Bedfordview, Gauteng, 2008 (Pty) Ltd is an Authorised Financial Services Provider (FSP No. 8425).
More informationWestpac Privacy Policy.
Westpac Privacy Policy. Our privacy commitment to you. Effective date 27 September 2017. Contents. Privacy Policy....3 About this policy....3 What is personal information?...3 What kinds of personal information
More informationAn Overview of Cyber Insurance at AIG
An Overview of Cyber Insurance at AIG Michael Lee, MBA Cyber Business Development Manager AIG 2018 Brittney Mishler, ARM Cyber Casualty Underwriting Specialist AIG Cyber Insurance It s a peril, not a product
More informationCUEd In: The Law and Business of Employee Benefits for Credit Union Executives. In this Issue
CUEd In: The Law and Business of Employee Benefits for Credit Union Executives In this Issue 2 4 5 6 How Big Is This?: Health Care Reform May Impact Your Executive Employment and Severance Agreements Will
More informationAS PASSED BY HOUSE AND SENATE H Page 1 of 37 H.764. An act relating to data brokers and consumer protection
2018 Page 1 of 37 H.764 An act relating to data brokers and consumer protection It is hereby enacted by the General Assembly of the State of Vermont: Sec. 1. FINDINGS AND INTENT (a) The General Assembly
More informationPension Trustees Final Countdown To GDPR
Pension Trustees Final Countdown To GDPR " ROBERT HANIVER SENIOR ASSOCIATE/TECHNOLOGY MASON HAYES & CURRAN " STEPHEN GILLICK PARTNER/PENSIONS MASON HAYES & CURRAN The General Data Protection Regulation
More informationThe Risk Manager. Additional Resources. The Latest News on Managing Your Risk. May 2016 INCREASED LIABILITY IN THE FACE OF UNCERTAIN DATA REGULATIONS
The Risk Manager The Latest News on Managing Your Risk May 2016 INCREASED LIABILITY IN THE FACE OF UNCERTAIN DATA REGULATIONS By Beata Aldridge The new Privacy Shield and other proposed changes to European
More informationThe General Data Protection Regulation (GDPR): action plan for pension scheme trustees
The General Data Protection Regulation (GDPR): action plan for pension scheme trustees July 2017 (revised March 2018) Pension briefing HIGHLIGHTS The European General Data Protection Regulation (GDPR)
More informationDOJ Postpones Website Accessibility Proceeding: How Businesses Can Prepare in Anticipation of a Lawsuit and How to Maximize Your Insurance Once Served
DOJ Postpones Website Accessibility Proceeding: How Businesses Can Prepare in Anticipation of a Lawsuit and How to Maximize Your Insurance Once Served by Kimberly S. Reindl and Selena J. Linde The Department
More informationLake County Library District Circulation Policy 1. Circulation Policy
Lake County Library District Circulation Policy 1 Circulation Policy Introduction Lake County Libraries enrich every person by providing comfortable community spaces to satisfy curiosity, stimulate imagination,
More informationGeneral Data Protection Regulations Briefing (the presentation you ve all been waiting for)
Item 6 General Data Protection Regulations Briefing (the presentation you ve all been waiting for) Current law Data Protection Act 1998 Defines how an individual s personal data may be held lawfully by
More informationRe: Proposed Cybersecurity Requirements for Financial Services Companies DFS P
CATHERINE M. TULLY Director, Government Affairs Submit via electronic mail: CyberRegComments@dfs.ny.gov November 15, 2016 Ms. Cassandra Lentchner Deputy Superintendent for Compliance NYS Department of
More informationWhy your board should take a fresh look at risk oversight: a practical guide for getting started
January 2017 Why your board should take a fresh look at risk oversight: a practical guide for getting started Boards play a critical role in overseeing company risk. Ongoing and evolving challenges call
More informationHIPAA / HITECH. Ed Massey Affiliated Marketing Group
HIPAA / HITECH Agent Understanding And Compliance Presented By: Ed Massey Affiliated Marketing Group It s The Law On February 17, 2010 the Health Information Technology for Economic and Clinical Health
More informationAnatomy of a Data Breach
Anatomy of a Data Breach May 17, 2017 Lucie F. Huger Officer, Greensfelder, Hemker & Gale, P.C. Mary Ann Wymore Officer, Greensfelder, Hemker & Gale, P.C. Information is the New Oil! Companies are collecting
More informationGUIDELINES ON AGENT BANKING FOR BANKS AND FINANCIAL INSTITUTIONS,
GUIDELINES ON AGENT BANKING FOR BANKS AND FINANCIAL INSTITUTIONS, 2017 BANK OF TANZANIA ARRANGEMENT OF GUIDELINES 1. Part I: Preliminary 2. Part II: Objectives 3. Part III: Approval Process and Permissible
More informationThis Policy also explains how we collect information through the use of cookies and related technologies which are relevant if you visit our Site.
PRIVACY POLICY We are committed to protecting your privacy. This privacy policy ("Policy") explains what personal information Sompo International Insurance (Europe), SA ("SIIE", "we", us") collects from
More informationBest Practice: Responding to a Privacy Breach
Best Practice: Responding to a Privacy Breach Introduction The Access to Information and Protection of Privacy Act (ATIPP Act or Act) has a dual purpose: to make public bodies more accountable to the public
More informationPurpose Explanation Legal basis Data processing duration
INFORMATION ON PERSONAL DATA PROCESSING IN BANK MILLENNIUM S.A. This document (hereinafter referred to as: the Rules ) describes the rules governing processing of your personal data in Bank Millennium
More informationManagement of Personal Information Policy (Privacy Policy)
Management of Personal Information Policy (Privacy Policy) Henkel Australia and New Zealand Prepared by: Reviewed by: Human Resources Henkel Australia ANZ EXCOM Henkel Australia & New Zealand Approved
More informationPRIVACY POLICY: INSURANCE OPERATIONS
PRIVACY POLICY: INSURANCE OPERATIONS CAA South Central Ontario ( CAA, we, us, or our ) and its affiliated companies, including CAA Insurance Company ( CAA Insurance ), respect the privacy of your personal
More informationImpact of the European General Data Protection Regulation on U.S. M&A
CLIENT MEMORANDUM Impact of the European General Data Protection Regulation on U.S. M&A March 26, 2018 The winds of change will shortly sweep across the data privacy landscape in the European Union ( E.U.
More informationInsuring your online world, even when you re offline. Masterpiece Cyber Protection
Insuring your online world, even when you re offline Masterpiece Cyber Protection Protect your online information from being an open network 97% of Chubb clients who had a claim paid were highly satisfied
More informationDATA PROTECTION ADDENDUM
DATA PROTECTION ADDENDUM In the event an agreement ( Underlying Agreement ) entered into by and between (i) either Sunovion Pharmaceuticals Inc. or its subsidiary, Sunovion Pharmaceuticals Europe Ltd.
More informationDATA PROTECTION AND PERSONAL INFORMATION FAIR PROCESSING POLICY
Directorate of Clinical and Quality Assurance & Trust Secretary DATA PROTECTION AND PERSONAL INFORMATION FAIR PROCESSING POLICY Reference: CQP013 Version: 1.1 This version issued: 07/03/13 Result of last
More informationDFARS Cyber Compliance And Potential For FCA Risk
DFARS Cyber Compliance And Potential For FCA Risk December 18, 2017 By Colleen Brown, Robert Conlan and Christopher Fonzone For well over a year, defense contractors have had New Year s Eve 2017 circled
More informationMichael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty. Overview of the EU General Data Protection Regulation (GDPR)
Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty Overview of the EU General Data Protection Regulation (GDPR) WHAT YOU NEED TO KNOW ABOUT THE EU GENERAL DATA PROTECTION REGULATION (GDPR) What is the GDPR?
More informationCENTURYLINK ELECTRONIC AND ONLINE PAYMENT TERMS AND CONDITIONS
CENTURYLINK ELECTRONIC AND ONLINE PAYMENT TERMS AND CONDITIONS Effective June 1, 2014 The following terms and conditions apply to electronic and online delivery and presentation of your invoices by CenturyLink
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) January 2018 Lockton Companies After several years of extensive negotiation, the European Union (EU) adopted the General Data Protection Regulation (GDPR) 1 on
More informationHEALTHCARE BREACH TRIAGE
IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards
More informationLOCAL GOVERNMENT PENSION SCHEME (LGPS) GENERAL DATA PROTECTION REGULATION - THE IMPLICATIONS FOR THE LGPS
LOCAL GOVERNMENT PENSION SCHEME (LGPS) GENERAL DATA PROTECTION REGULATION - THE IMPLICATIONS FOR THE LGPS INTRODUCTION Thank you for providing us with a list of questions and background information in
More informationPRIVACY POLICY 1 INTRODUCTION
PRIVACY POLICY 1 INTRODUCTION 1.1 This Privacy Policy forms part of the Client Agreement which governs the relationship between us in respect of your use of the trading platform made available by us for
More informationAdjustable Block Program Guidelines for Distributed Generation Marketing Materials and Marketing Behavior
Adjustable Block Program Guidelines for Distributed Generation Marketing Materials and Marketing Behavior This document provides marketing guidelines for Approved Vendors in the Illinois Power Agency s
More informationCyber Security Liability:
www.mcgrathinsurance.com Cyber Security Liability: How to protect your business from a cyber security threat or breach. 01001101011000110100011101110010011000010111010001101000001000000100100101101110011100110111
More informationSouth Carolina General Assembly 122nd Session,
South Carolina General Assembly 122nd Session, 2017-2018 R184, H4655 STATUS INFORMATION General Bill Sponsors: Reps. Sandifer and Spires Document Path: l:\council\bills\nbd\11202cz18.docx Companion/Similar
More informationCalifornia Transparency in Supply Chains Act First 90 Days
April 13, 2012 California Transparency in Supply Chains Act First 90 By Remsen Kinne, Edward Sangster and Daniel Fox Introduction Many retail sellers and manufacturers doing business in California are
More information