Presentation is loading. Please wait.

Presentation is loading. Please wait.

NCHER 2018 Fall Legal Meeting October 5, 2018

Similar presentations


Presentation on theme: "NCHER 2018 Fall Legal Meeting October 5, 2018"— Presentation transcript:

1 For Your Eyes Only: A Review of Developments in Cybersecurity and Data Privacy Law
NCHER 2018 Fall Legal Meeting October 5, 2018 Hinshaw & Culbertson | Chicago, Illinois

2 Presentation Outline New York DFS Cybersecurity Rules
EU General Data Protection Regulation California Consumer Privacy Act of 2018 Data Breach Notification Laws Enforcement Matters Reg. P Amendments

3 NY DFS Cybersecurity Rules
Cybersecurity Rule, 23 NYCRR Part 500, applicable to “covered entities” Effective March 1, 2017, with various compliance deadlines September 3, 2018 – Sections (audit trails), (application security), (limitation on data retention), (a) (regular monitoring) and (encryption of nonpublic information) March 1, 2019 – Section (third-party service provider security policy)

4 EU GDPR – Scope GDPR, effective May 25, 2018, applies to:
“the processing of personal data of data subjects who are in the [EU] by a controller or processor not established in the [EU], where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the [EU]; or (b) the monitoring of their behaviour as far as their behaviour takes place within the [EU].” GDPR Art. 3.2.

5 EU GDPR – Requirements Consent Requirements
Required Disclosures When Collecting Personal Data Right of Access Right to Rectification Right to Be Forgotten Right to Restriction of Processing Right to Data Portability Data Security Requirements Data Breach Procedures

6 CA Consumer Privacy Act
Cal. Civ. Code §§ et seq. Enacted on June 28, 2018, effective January 1, 2020 S.B. 1121 CA AG regulations on or before January 1, 2020 CA AG cannot bring an enforcement action until the earlier of July 1, 2020 or 6 months after publication of the final regulations

7 CA Consumer Privacy Act
Scope Applies to “businesses” that collect “personal information” regarding California residents Annual gross revenue in excess of $25m Exemptions Comply with federal, state, or local laws, or subject to GLBA

8 CA Consumer Privacy Act
Requirements and Rights Right to know what personal information is being collected, whether personal information is sold or disclosed, and to whom Right to “opt-out” of sale of certain personal information Right “to be forgotten” Right to equal service and price

9 Data Breach Notification Laws
State Law Developments Alabama Data Breach Notification Act of 2018, Ala. Code § 8-19F-1 Arizona, H.B. 2154 Colorado, H.B Connecticut, S.B. 472 Oregon, S.B. 1551 South Dakota, S.D. Codified Laws, Chapter (S.B. 62)

10 Data Breach Notification Laws
Federal Developments Economic Growth, Regulatory Relief, and Consumer Protection Act (2018), Sec. 301 Treasury Dep’t Report, “A Financial System That Creates Economic Opportunities Nonbank Financials, Fintech, and Innovation” (July 2018) Consumer Information Notification Requirement Act (Rep. Luetkemeyer, H.R. 6743)

11 Enforcement Matters Federal Enforcement State Enforcement Actions
LabMD, Inc. v. FTC (11th Cir. June. 6, 2018) State Enforcement Actions State of Pennsylvania v. Uber State of Washington v. Motel 6

12 Reg. P Amendments – Privacy Notices
FAST Act of 2015 GLBA § 503(f) Financial institutions that meet certain conditions are not required to provide annual privacy notices to customers CFPB implementing regulations (Aug. 17, 2018) 83 Fed. Reg Effective Sept. 17, 2018

13 Questions?

14 Contact Information Peter Cockrell Associate, Washington, DC McGlinchey Stafford (202)


Download ppt "NCHER 2018 Fall Legal Meeting October 5, 2018"

Similar presentations


Ads by Google