Lexology September 29, 2021
Organizations (big and small) that rely on and process the personal data of individuals can no longer afford to overlook the ever-expanding collection of data privacy and security laws. Historically, U.S. companies have collected, used, and disclosed vast amounts of personal data with few restrictions and little oversight, with the exception of companies subject to sector-specific rules such as HIPAA. However, the days of unhindered collection and processing of personal information are rapidly fading. The EU’s General Data Protection Regulation (GDPR), a stringent law that protects individuals in the EEA whose data is collected and processed by organizations, introduced a shift in data privacy and a new world order when it came into effect in May 2018. Shortly thereafter, California...