Brazilian Congress passes a data protection bill that seeks to improve privacy and cybersecurity.

By Amadeu Ribeiro and Thiago Luís Sombra (Mattos Filho, Veiga Filho Marrey Jr e Quiroga Advogados) and Jennifer Archie and Terese Saplys

The Brazilian Congress has been working on a bill relating to the protection of personal data for over eight years. The Senate approved the bill, known as the General Data Protection Act (GDPA), on 10 July 2018, and the bill was sent to the President for execution.  A window of 15 business days (i.e., up to and including 13 August 2018) within which the President may veto the bill now follows. If the President does not actively reject the bill, it automatically becomes law. Thereafter, businesses will have an 18-month grace period (i.e., up to and including 13 February 2020) to adjust to the change in law before it becomes effective on 14 February 2020.

What Is the GDPA?

The GDPA was motivated in part by Brazil’s desire to be admitted to the OECD and to prevent disruption in its commerce with the European Union and other important trading partners. As such, the GDPA seeks to match the level of protection afforded to data subjects by the laws of these trading partners.

Businesses active in California should promptly assess whether the law applies to their practices and start planning towards compliance with the new law.

By Jennifer Archie, Michael Rubin, and Scott Jones

Key Points:

  • A sweeping new privacy law — the California Consumer Privacy Act of 2018 — was signed into law on June 28, 2018.
  • The Act imposes substantial new obligations on businesses that collect, process, and disclose the data of California residents.
  • The Act was drafted, voted on, and enacted in a matter of days, but it will not go into effect for another 18 months: on January 1, 2020. Given this rushed process, changes to the law before its effective data can be expected.

Facing pressure from a significantly stronger ballot measure in the state, on Thursday, June 28, 2018, the Governor for the State of California signed into law the California Consumer PrivacyAct of 2018 (the CCPA). Effective January 2020, this law ushers in widespread changes to California’s law on the information practices for covered businesses collecting, processing, and disclosing information gathered from or about California consumers or their devices.

Latham partners Serrin Turner, Jennifer Archie and Jeffrey Tochner sat down with Eric Friedberg, Executive Chairman at Stroz Friedberg, and Matt Olsen, President – Consulting at IronNet Cybersecurity, to discuss current cyberthreat levels and the growing need for companies to devote resources for future risk mitigation.

https://youtu.be/rGuH-mvg9h4

 

By Gail Crawford and Lore Leitner

Today, after more than four years of debate, the General Data Protection Regulation (GDPR, or the Regulation) enters into force. The GDPR will introduce a rigorous, far-reaching privacy framework for businesses that operate, target customers or monitor individuals in the EU. The Regulation sets out a suite of new obligations and substantial fines for noncompliance. Businesses need to act now to ensure that they are ready for when the Regulation becomes enforceable after the