In Part II of this series, California-based Ali Baiardo, and London-based Alice O’Donovan, continue their comparison of the GDPR and California privacy law. To view Part I in the series, click here.

NEW DATA PROTECTION PRINCIPLES AND OBLIGATIONS ON BUSINESSES
a. Key data protection principles
The GDPR revolves around seven key data protection principles:

  • Lawfulness, fairness and transparency;
  • Purpose limitation;
  • Data minimisation;
  • Accuracy;
  • Storage limitation;
  • Integrity and confidentiality (security); and
  • Accountability

    • Heritage Group has announced the closing of its oversubscribed third fund with more than $300 million.

    Heritage Group, based in Nashville, Tenn., makes control and minority equity investments exclusively in the healthcare industry. Founded in 1986, the firm has flexibility on investment size, including interest in pre-EBITDA businesses, as it pursues provider services companies

    As discussed in a previous McGuireWoods alert, the U.S. Department of Health and Human Services (HHS) published final rules expected to be effective Jan. 19, 2021, that significantly amend the Physician Self-Referral Law (Stark Law) and the federal Anti-Kickback Statute (AKS). This client alert, the latest in McGuireWoods’ summary series on these final rules,

    On January 1, 2021, the United States Senate joined the House of Representatives in overriding President Trump’s veto, and the National Defense Authorization Act (NDAA) became law. The NDAA was passed chiefly to authorize appropriations for military activities of the Department of Defense. The NDAA also includes a provision codifying the U.S. Securities and Exchange Commission’s (SEC) authority to seek in federal court actions disgorgement up to five years after the occurrence of securities laws violations, and expands that authority to ten years where those violations involve scienter-based (intentional) fraud. The new law resolves the much debated issues regarding the SEC’s disgorgement authority and the extended period during which the SEC now may seek disgorgement will have an immediate, significant impact on individuals and entities involved in SEC investigations and litigation.

    As discussed in a previous McGuireWoods alert, the U.S. Department of Health and Human Services (HHS) published final rules expected to be effective Jan. 19, 2021, that significantly amend the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute (AKS) and the Civil Monetary Penalties (CMP) Law. This client alert, the first in McGuireWoods’

    A major consumer privacy law is likely this legislative session in Florida that stands to jeopardize not only technology companies, but financial services, healthcare entities, and thousands of small and medium-sized businesses that rely on digital marketing and advertising to conduct business.
    Florida legislators are generally pro-business, but this year could be an exception. Talks

    Last week, we reported that on December 30, 2020, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) issued compliance assistance sandbox (“CAS”) approval to Payactiv, Inc. (“Payactiv”) regarding specific aspects of its earned wage access (“EWA”) product.

    Payactiv’s Chief Legal Officer, David Reidy, expressed Payactiv’s reaction to the Approval Order this way – “We are grateful for the hard work and commitment the Bureau showed through this whole process. Everyone involved believes in EWA as an important and innovative benefit for workers. I couldn’t be more proud that Payactiv is the first and only EWA provider to be granted this approval.”

    The recently-passed California Privacy Rights Act (CPRA) augments and supplements California’s existing privacy law, the California Consumer Privacy Act (CCPA).  We are sure many practitioners are wondering how it stacks up with the European Union’s General Data Protection Regulation (GDPR). See below for Part I of our two part series comparing the CPRA and the GDPR (and see Part II here).

    HOW DOES THE CPRA CHANGE THE CCPA?

    The CPRA makes several significant changes to the CCPA:

    • It introduces the concept of “sensitive personal data”;
    • It introduces new obligations on businesses, and GDPR-style “principles”;
    • It introduces new rights for consumers; and
    • It creates a new supervisory authority for data protection and privacy in California — the California Privacy Protection Agency.

    These changes are very significant – but do they represent a move closer to GDPR, or a move away?