Our team provides in-depth coverage of major cybersecurity and data privacy changes, focused on the law, business, and technology. To see an index of all of our prior blog posts, please click on our Blog Index.

Leave the Exception, Take the Lesson from British Airways

If you are a regular follower of XPAN’s blog for cybersecurity news and updates or have tuned in to hear us at one of our speaking engagements, you know that we have been closely monitoring the European Union’s (“EU”) thorough investigation and corresponding enforcement action against British Airways for violations under the General Data Protection […]

Illinois Biometric Privacy Act Update: An Overview of the Defenses

By Michael Simon
Biometrics has become big business, according to one report, with the global market expected to reach a staggering $59.1 billion by 2025. As biometrics has grown as an industry, so have the legal concerns over the proper use of this particularly personal information. After all, you can change a stolen password, but […]

The US Response to Schrems II: The Next Phase of EU-US Data Transfers

On July 16, 2020, the Court of Justice of the European Union (“ECJ”) held that the EU-US Privacy Shield, a mechanism to transfer data from the EU to the US, was invalid. (You can see our summary of the ECJ’s Schrems II decision here). This decision rocked much of the international privacy world, causing organizations […]

California Extends Employee and B2B Communication Exemptions under the CCPA until January 2021

California and data privacy continue to make headlines. Last week, California Governor Gavin Newsom extended two key exemptions under the California Consumer Privacy Act of 2018 (“CCPA”) until January 1, 2022: Employee personal information; and Business to business communications. See AB1281. Now, before you pop champagne, it is important to understand how these exemptions apply […]

Are You A Controller or a Processor? Understanding the recent draft EDPB Guidance

On September 2, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the GDPR (“Guidelines”). The Guidelines provide a comprehensive understanding of the key roles under the European Union’s General Data Protection Regulation (“GDPR”), and their corresponding responsibilities: (1) controller; (2) joint controller; (3) processor; […]

The Evolving Threats of Cybersecurity

The last six months have seen the world drastically change, facing a once-in-a-lifetime pandemic. Our lives rapidly transitioned to an almost completely digital world and, for many, have stayed there ever since. With this dramatic and instantaneous shift to an online society, cybersecurity threats have increased in frequency and evolved in sophistication. And, while […]

Transferring data from Switzerland for eDiscovery purposes in a post-Schrems II world

Michael Simon
Introduction: another one bites the dust
On September 8, 2020, Adrian Lobsiger, the Swiss Federal Data Protection and Information Commissioner (FDPIC), announced in a position paper that he no longer considers the Swiss US Privacy Shield agreement to be adequate for the purposes of lawfully transferring personal data from Switzerland to the US. […]

Transferring data from the EU for eDiscovery purposes in a post Privacy Shield World

Michael Simon
A few weeks ago, I had the privilege of participating in a Masters’ Conference webinar on the topic of how to lawfully transfer EU data to the US after the Court of Justice of the European Union (“CJEU”) invalidated the Privacy Shield agreement on July 16, 2020. Despite many uncertainties that remain from […]

Cannabis, Cybersecurity and Data Privacy – What should you do right now under the approved CCPA regulations

Where the Legalized Cannabis Industry Stands Today with the CCPA
Just this past week, the Office of Administrative Law (“OAL”) for California approved the California Consumer Privacy Act of 2018 (“CCPA”) regulations, submitted by the state’s Attorney General (“AG”) in June. Those regulations went into effect immediately (more information on the scope & requirements of […]

Lessons from the Twitter Hack

Employees continue to be one of the biggest problems facing organizations when it comes to cybersecurity and data privacy. No matter how expensive or comprehensive a company’s technological infrastructure, the human component is still the biggest threat. Employees inadvertently click links, unknowingly download files, plug in potentially infected USB drives, and thoughtlessly put personal information […]