Data privacy enforcement on the rise in the US – California's CCPA setting the benchmark
On January 1, 2020, California will become the first state in the United States to implement a comprehensive consumer data privacy law called the California Consumer Privacy Act of 2018 (CCPA). The CCPA grants a broad new array of data rights to California residents and imposes significant new attendant obligations on covered businesses.
With just under four months until the law takes effect, covered organizations are working hard to understand the complexities of the new law and build CCPA-ready compliance programs. Some are updating existing corporate compliance programs, including programs built in response to last year's European Union General Data Protection Regulation (GDPR), while others are building programs from scratch. But no matter the organization's posture, all entities are asking the same question: What does CCPA compliance look like?
Our lawyers in the US have prepared the following report with recommendations – read more here
Tip of the month: Human resource compliance
Within past Tips we have discussed general compliance issues. This month, we focus on human resource/employment issues that may arise in connection with compliance investigations.
Compliance investigations may uncover situations suggesting employee discipline or termination. HR specialists are required to be aware of a wide variety of evolving laws and regulations before disciplining an employee, including: (a) anti-discrimination laws; (b) anti-retaliation/whistleblower/qui tam/false claims laws; (c) privacy laws, and (d) collective bargaining laws and agreements. In some jurisdictions specific laws have been enacted to protect workers (e.g. European Works Councils).
TIPS: (1) understand how your human resource department interacts with your in-house or outside legal department. You might be surprised to learn that some human resource departments are very independent and do not always consult with legal before taking disciplinary action; (2) include someone from human resources on your compliance investigative team; and (3) make certain human resources has access to the latest information on laws and regulations affecting discipline.
Joint meetings between human resources and legal on an annual or semi-annual basis are highly recommended. When negotiating a resolution to compliance charges, the question of how you learned about the problem and what you did to correct the problem will likely involve human resource issues.
Dick (Richard) C. Mosher, Dentons
EU establishes new sanctions regime to respond to EU cyber-attacks
On 17 May 2019, the Council of the European Union established a framework which allows the EU to impose targeted restrictive measures to deter and respond to cyber-attacks which constitute an external threat to the EU or its member states. Cyber-attacks falling within the scope of this new sanctions regime are those which have significant impact and which:
- originate or are carried out from outside the EU or;
- use infrastructure outside the EU or;
- are carried out by persons or entities established or operating outside the EU or;
- are carried out with the support of person or entities operating outside the EU.
Restrictive measures within the new sanctions regimes include a ban on persons travelling to the EU and an asset freeze on persons and entities. Besides, EU persons and entities are forbidden from making funds available to those listed.
Anti Money Laundering
European Commission assesses risks and implementation shortcomings in fight against money laundering and terrorist financing
The European Commission carried out a risk assessment in order to identify and respond to risks affecting the EU internal market. It promotes the adoption of global solutions to respond to these threats. The European Union adopted robust legislation to fight against money laundering and terrorist financing which contributes to those international efforts. The Commission ensures effective application of this legislation by reviewing transposition of the EU acquis and working with networks of competent authorities. Therefore, on July 24, 2019, the European Commission adopted a Communication to the European Parliament and the Council towards better implementation of the EU's anti money laundering and countering the financing of terrorism framework.
The latest Report (second link below) on the assessment of the recent (alleged) money laundering cases involving EU credit institutions is particularly interesting for compliance practitioners because of the deficits identified in the compliance measures of many credit institutions.
Spotting trends: environmental change in litigation cases
Climate and environmental change have been the subject of litigation around the world. In recent years there have been attempts to take action against enterprises and governments for environmental damages they caused or did not prevent. Litigation against company actions or negligence attributes climate change impacts to specific companies, whereas shareholder litigation is essentially about the assessment of climate change related financial risk. As plaintiffs, shareholders typically argue that the company's failure to disclose crucial information has harmed their interests as shareholders. The range of remedies claimed in climate change litigation spans from restitution and monetary compensation, to the enforcement of obligations on climate disclosure and declaratory relief for breaches of rights of information, to more determined attempts to change the business strategy of companies with regard to their environmental and climate impacts. The EU has recently started a project to promote, monitor and enforce environmental compliance.
Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.