Laura E. Jehl

Subscribe to all posts by Laura E. Jehl

FTC Announces Enforcement Action, Warning Letters for Companies Falsely Claiming Privacy Shield Participation

Photo of BakerHostetlerBy Laura E. Jehl and BakerHostetler on Posted in EU-U.S. Privacy Shield Framework
The Federal Trade Commission (FTC) recently announced a compliance sweep of companies claiming to be in compliance with the U.S.-EU Privacy Shield and U.S.-Swiss Privacy Shield Frameworks. The U.S.-EU Privacy Shield and the U.S.-Swiss Privacy Shield programs enable companies to self-certify that they have adopted a number of data protection practices to bring their businesses … Continue Reading

Deeper Dive: GDPR a Game-Changer for Data Breach Notification

Photo of Andreas KaltsounisBy Laura E. Jehl and Andreas Kaltsounis on Posted in Data Breach Notification Laws, Data Security Incident Response, GDPR
When the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, it dramatically changed the way multinationals manage the reporting of personal data breaches. It also substantially raised the stakes: Entities found to have violated the GDPR’s data security and breach reporting obligations could face much steeper regulatory fines than those available … Continue Reading

The California Consumer Privacy Act: Frequently Asked Questions

Photo of Melinda L. McLellanBy Alan L. Friel, Laura E. Jehl and Melinda L. McLellan on Posted in CCPA
The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on January 1, 2020. In the wake of the CCPA’s passage, approximately 15 other states introduced their own CCPA-like privacy legislation, and similar proposals are being considered at the federal level. Among the many differences between the CCPA … Continue Reading

EU Regulators Increase Focus on Cookie Practices

Photo of Jean ShinPhoto of Monique MatarBy Laura E. Jehl, Kyle R. Fath, Jean Shin and Monique Matar on Posted in Enforcement, GDPR
In the absence of cookies-related guidance and enforcement by regulators against ordinary website publishers and operators, many e-commerce sites, online publishers and other website operators have taken a “wait and see” approach with respect to implementing GDPR-compliant cookies consent procedures. Recent cookies-related regulatory guidance, however, from the Dutch data protection authority, Autoriteit Persoonsgegevens (“Dutch DPA”), … Continue Reading

“No Deal” Brexit May Bring Practical Problems for Privacy and Data Protection

By Laura E. Jehl, Kyle R. Fath and Jaime B. Petenko on Posted in EU-U.S. Privacy Shield Framework, International Privacy Law
With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business in the UK, and how those organizations will address numerous practical issues, privacy and data … Continue Reading

Racing to Meet the 72-hour Deadline to Report a Personal Data Breach in the EU? A GDPR Resource Is Available

By Laura E. Jehl and Jaime B. Petenko on Posted in GDPR, International Privacy Law
Companies face substantial challenges in complying with breach notification requirements under Article 33 of the General Data Protection Regulation (GDPR). Article 33 requires a data controller to report a personal data breach to European Union (EU) supervisory authorities within 72 hours of becoming aware of the breach if it is likely to result in a … Continue Reading

Advocate General Opinion Supports Limiting the “Right to be Forgotten” to the EU

Photo of Nichole SterlingBy Laura E. Jehl, Emily R. Fedeles and Nichole Sterling on Posted in GDPR, International Privacy Law
On January 10, Advocate General Maciej Szpunar released an opinion recommending that Google and other search engines should not be forced to apply the EU’s “right to be forgotten” beyond the EU.  The advocates general assist the judges of the Court of Justice of the European Union (CJEU), providing independent legal solutions to issues presented … Continue Reading

Brazil Enacts Measure Creating a Data Supervisory Authority; Delays Implementation of the LGPD

By Laura E. Jehl and Brian P. Bartish on Posted in GDPR, International Privacy Law
While the inauguration of a polarizing new president dominated the news of Brazil around the beginning of the new year, outgoing President Michel Temer, before leaving office, issued an executive order that has important ramifications for Brazil’s recently enacted General Data Protection Regulation (Lei Geral de Proteção de Dados or LGPD). Provisional Measure No. 869/2018 … Continue Reading

A New Year Brings a New Vermont Law Aimed at Data Brokers and Credit Reporting Agencies

Photo of Sara GoldsteinBy Laura E. Jehl and Sara Goldstein on Posted in Consumer Data, State Legislation
On Jan. 1, 2019, a new Vermont law intended to protect consumers by imposing new requirements on “data brokers,” companies that aggregate and sell consumer information, and credit reporting agencies took effect. Under the new law, data brokers must comply with registration, information security safeguards and reporting requirements, while credit reporting agencies are prohibited from … Continue Reading

GDPR Spurring Legal Reforms in South America With New Legislation in Brazil

By Brian P. Bartish and Laura E. Jehl on Posted in Breach Notification, GDPR, Privacy Litigation
As organizations continue to grapple with the requirements of the EU General Data Protection Regulation (GDPR) even months after its effective date, one thing is clear: The impact of the regulation extends far beyond an organization’s European operations. The global effects of the GDPR are even more apparent when one surveys new and proposed data … Continue Reading

Is a New Federal Data Privacy Law on the Horizon? The Tech Industry Sure Hopes So

Photo of Sara GoldsteinBy Laura E. Jehl and Sara Goldstein on Posted in Federal Legislation, Privacy Litigation
Despite several failed attempts in recent years, there is a new effort underway to enact a federal data privacy law, and it’s being led by a somewhat unlikely source – the tech industry. Although they were resistant to a federal privacy law in the past, powerful tech industry players now appear to be publicly embracing … Continue Reading

Deeper Dive: Key findings From Baker Hostetler’s 2018 Data Security Incident Report

By Laura E. Jehl on Posted in Data Security Incident Response
In our 2018 Data Security Incident Report, “Building Cyber Resilience: Compromise Response Intelligence in Action,” we identify and analyze the most important trends and takeaways from the more than 560 incidents we handled last year. These incidents affected nearly every industry and impacted anywhere from a single individual to millions of people. Our report distills … Continue Reading

Blockchain ‘Smart Contracts’ – A New Transactional Framework

By Laura E. Jehl and Brian P. Bartish on Posted in Blockchain
While the term “smart contract” has created some confusion, there is a growing buzz around these powerful and flexible software programs. With the support of a host of key players across multiple industry sectors spurring development, smart contracts continue to see an array of new applications. Partner Laura Jehl and Associate Brian Bartish detail some … Continue Reading

Aetna Agrees to Pay $17 Million and Implement Best-Practices Policy to Settle Claims of HIV-related Privacy Violations

By Brian P. Bartish and Laura E. Jehl on Posted in Data Breaches, HIPAA/HITECH, Privacy Class Actions
Last week, Aetna agreed to resolve class action claims of privacy violations related to the disclosure of thousands of members’ HIV status. The agreement will require the insurance giant to pay over $17 million into a settlement fund, the majority of which will be distributed to members of the affected class and to develop and … Continue Reading

The IRS Succeeds in Compelling Crypto Exchange to Disclose User Information

By Laura E. Jehl and Stephanie N. Malaska on Posted in Financial Privacy, Virtual Currency
As the price of bitcoin leaps and lurches toward new highs, it seems fitting that the legal regime surrounding it and other virtual currencies is similarly unpredictable. With bitcoin edging its way into mainstream finance, and Coinbase, one of the world’s largest exchanges of bitcoin and other cryptocurrencies, currently holding the top spot on Apple’s … Continue Reading

Blockchain – The Future of Digital Identity?

By Laura E. Jehl on Posted in Financial Privacy
Government agencies, prominent tech companies, startups and newly-created foundations are all working to develop a new paradigm for proof of identity based on blockchain technology. Known as “digital identity,” “decentralized identity,” or “self-sovereign identity,” it would allow individuals to control their own digital identities, limit access to personal data, and provide a much-needed, secure replacement … Continue Reading

Uber Settles With FTC Over Allegedly Deceptive Privacy And Data Security Practices

By Laura E. Jehl on Posted in Cybersecurity, Enforcement
Uber, the ride-hailing giant, agreed this week to implement a comprehensive privacy program and to undergo 20 years of privacy and data security audits in order to settle allegations by the Federal Trade Commission (FTC) that Uber did not keep its promises to protect customer data. The FTC had alleged two separate failures by Uber: … Continue Reading
LexBlog