Data Management Strategy

A forthcoming Harvard Law Review article reviewed 857 cases that cited Carpenter v. United States, the landmark Supreme Court Fourth Amendment case, from its publication in June 2018 to March 2021. The purpose of this study was to evaluate the landscape of post-Carpenter Fourth Amendment law.

The full text of the article can be found here.


Continue Reading Aftermath of Carpenter: An Empirical Study of Fourth Amendment Law, 2018-2021

On September 21, 2021, the U.S. Senate Subcommittee on Competition Policy, Antitrust, and Consumer Rights held a hearing on Big Data, Big Questions: Implications for Competition and Consumers. This hearing was part of a series of hearings on a bipartisan review of competition issues in America. Senator Klobuchar led the hearing, with Senators Lee, Blumenthal, Hawley, Ossoff, Blackburn, and Cruz contributing questions to the witnesses. The witnesses included representatives from technology companies, an author, and a director of a nonprofit.
Continue Reading Takeaways from U.S. Senate Hearing on Big Data, Big Questions: Implications for Competition and Consumers

On April 26, 2021, the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation, jointly released the draft Interim Regulations on the Administration of Personal Information Protection for Mobile Internet Applications. The Draft Interim Regulations apply specifically to data collection via mobile applications and are intended to function alongside China’s currently proposed omnibus data protection legislation, the Personal Information Protection Law. The Draft Interim Regulations were open for public comment until May 26, 2021, and the US-China Business Council submitted comments from its members, including Perkins Coie.
Continue Reading China Proposes Draft Regulations for the Protection of Personal Information Collected Via Mobile Applications

On April 7, ​​Perkins Coie’s CXO Summit gathered more than 50 C-suite and board leaders for an executive leadership virtual forum addressing how technology is shaping healthcare’s future amid the COVID-19 pandemic.

Hosted by Perkins Coie partners Dominique Shelton Leipzig, David Biderman, and Jill Louis, the CXO Summit participants discussed how technology is being used to further combat COVID-19, monitor patient diagnostics, augment clinical workflows, detect fraud and data breaches, and inform effective treatments, among other key tasks and medical interventions.
Continue Reading Perkins Coie Convenes CXO Summit Addressing Future of Healthcare Technology

On March 11, 2020, the California Attorney General published its second modification to the California Consumer Privacy Act (CCPA) proposed regulations (“Second Modified Proposed Regs”). The redline includes the Second Modification language in blue and green as well as the first modification edits that were issued on February 10, 2020 (“First Modified Proposed Regs”). Collectively, the First Modified Proposed Regs and the Second Modified Proposed Regs are referred to below as the “Modified Proposed Regs.” The redlined comparison between the originally proposed regulations and the Modified Proposed Regs can be found here. All citations below are to the Modified Proposed Regs posted on March 11, 2020.  In addition to changes to the regulations, the Attorney General added supporting documents and information, which can be found here.

Continue Reading Updated: Modifications to Proposed CCPA Regulations: 10 Take-Aways

The CCPA grants consumers the right to request deletion of any personal information which a business has collected from the consumer. Cal. Civ. Code § 1798.105. It also requires a business to fulfill deletion requests, and to direct service providers to do the same, within 45 days of receiving a “verified” or “verifiable” request from the consumer. Cal. Civ. Code § 1798.140(y).

Continue Reading CCPA 12-Month Compliance Series Part 6: Retaining and Deleting Data

Is your business ready for the California Consumer Privacy Act?

The California Consumer Privacy Act (“CCPA”) is a sweeping new law that introduces a host of privacy rights for California consumers, as well as creates a series of robust obligations for certain businesses that collect personal information about those consumers.

Join us for CCPA Week: A series of webinars hosted by Perkins Coie’s Privacy & Data Security practice focused on getting your business ready to comply with this enigmatic statutory scheme. Attendees will receive an overview of the current state of legislative amendments, insight into the high burden of persuasion industries may face, and guidance on leveraging existing compliance and governance programs to build a global privacy program that incorporates responsible data usage and proactive privacy practices.
Continue Reading Perkins Coie’s CCPA Week

It is no secret that artificial intelligence (“AI”) is set to become the next wave in technological innovation. AI is expected to create as many as 133 million new jobs by 2022 and boost the global economy by $13 trillion by 2030. However, successful machine learning depends on large and broad data sets, including personal information, and the extraordinary pace of development is forcing nations to reevaluate their laws in order to compete within the industry.
Continue Reading Promoting and Regulating Artificial Intelligence

When creating a privacy program, it is important to look ahead and think strategically about who your audience might be. For businesses that might find themselves under the scrutiny of regulators and judges because of a lawsuit, unwanted publicity, or data breach, it is critical to be able to demonstrate substantial compliance for the program they’ve implemented. This can be accomplished by developing privacy programs that follow guidance promulgated by their audience—regulators and courts. This guidance includes the CNIL’s (the French Data Protection Authority’s) Six Steps for GDPR Compliance, along with Federal Trade Commission orders such as the Vizio 2017 order, which provide a roadmap for a comprehensive privacy program that can be distilled down to six main phases
Continue Reading Six Phases of Compliance for a Comprehensive Privacy Program

After conducting a data inventory (see Part 2 of our CCPA series), a business should assess its risks by benchmarking its policies and practices with applicable privacy laws and regulations. Conducting a gap analysis is a critical tool in identifying compliance gaps and developing a plan to bridge those gaps. See e.g.Stipulated Order for Permanent Injunction and Monetary Judgment, Federal Trade Commission & Others v. Vizio, Inc., No. 2:17-cv-00758 (D.N.J. Feb. 6, 2017), Document 1-3 at 5 (privacy program includes addressing privacy risks related to the development and management of new and existing products and services) and CNIL (the French Data Protection Authority) Guidance on Six Steps for GDPR Compliance (step three to identify actions to comply with current/future obligations and to prioritize such actions based on risks).
Continue Reading CCPA 12-Month Compliance Series Part 3: Conduct a Gap Analysis