Nichole Sterling

Subscribe to all posts by Nichole Sterling

New York State Adds Health Care Geofencing Prohibition, Taking a More Measured Approach Than Washington’s Similar Ban

Photo of Nichole SterlingPhoto of Andreas KaltsounisBy Nichole Sterling and Andreas Kaltsounis on Posted in Healthcare
As part of the health budget bill signed by Governor Hochul in early May, New York has amended its General Business Law, introducing a prohibition on geofencing of health care facilities that goes into effect on July 2, 2023 – just three weeks before a similar ban in Washington state. This addition to the General … Continue Reading

International Data Protection Update

Photo of Nichole SterlingPhoto of Melinda L. McLellanPhoto of Andreas KaltsounisBy Nichole Sterling, Melinda L. McLellan and Andreas Kaltsounis on Posted in Data Protection
This Update highlights some of the international data protection issues that caught our attention and the attention of our clients over the winter, including updates on European data transfers and cookie compliance, regulatory enforcement actions, and data protection laws in Canada, China, India and Saudi Arabia. Russia’s Attack on Ukraine Government cybersecurity agencies worldwide are … Continue Reading

Are More European Standard Contractual Clauses Coming?

Photo of Andreas KaltsounisPhoto of Nichole SterlingBy Andreas Kaltsounis and Nichole Sterling on Posted in Data Protection, GDPR
On November 18, 2021, the European Data Protection Board (EDPB) adopted its new draft guidance on the interplay between Article 3 of the European Union’s General Data Protection Regulation (GDPR) and Chapter V of the same law. This new guidance specifies that personal data processing by organizations in countries outside the European Economic Area (EEA) is … Continue Reading

International Data Protection Update – Summer 2021

Photo of Nichole SterlingPhoto of Melinda L. McLellanPhoto of Andreas KaltsounisBy Nichole Sterling, Melinda L. McLellan and Andreas Kaltsounis on Posted in Data Protection, Enforcement, EU, GDPR, International Privacy Law
This update highlights some of the international data protection issues that caught our attention, and the attention of our clients, over the summer. Asia-Pacific China’s Data Security Law and Personal Information Protection Law – This summer, the People’s Republic of China passed two new data protection laws. The Data Security Law (DSL) passed in June … Continue Reading

Data Breach Enforcement Is a Global Risk

Photo of Seungjae LeePhoto of Nichole SterlingBy Seungjae Lee and Nichole Sterling on Posted in Data Security Incident Response
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report highlights some regulatory enforcement trends we saw from the European Union (EU) data protection authorities (DPAs) during the past year. EU DPA enforcement actions increased significantly in 2020, as DPAs followed up on personal data breach notices and individual complaints and also launched investigations … Continue Reading

Updated EU Standard Contractual Clauses Are Finally Here

Photo of Nichole SterlingPhoto of Andreas KaltsounisPhoto of Melinda L. McLellanBy Nichole Sterling, Andreas Kaltsounis and Melinda L. McLellan on Posted in EU, GDPR
On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data Protection Regulation (GDPR), ending a long wait for revised SCCs. The new SCCs resolve certain practical issues companies faced when using the older versions but … Continue Reading

The Not-So-Hidden FTC Guidance on Organizational Use of Artificial Intelligence (AI), from Data Gathering Through Model Audits

Photo of James A. ShererPhoto of Nichole SterlingPhoto of Stanton BurkeBy James A. Sherer, Nichole Sterling and Stanton Burke on Posted in AI
Our last AI post on this blog, the New (if Decidedly Not ‘Final’) Frontier of Artificial Intelligence Regulation, touched on both the Federal Trade Commission’s (FTC) April 19, 2021, AI guidance and the European Commission’s proposed AI Regulation. The FTC’s 2021 guidance referenced, in large part, the FTC’s April 2020 post “Using Artificial Intelligence and … Continue Reading

The New (if Decidedly Not ‘Final’) Frontier of Artificial Intelligence Regulation

Photo of James A. ShererPhoto of Chad RutkowskiPhoto of Stanton BurkePhoto of Nichole SterlingBy James A. Sherer, Chad Rutkowski, Stanton Burke and Nichole Sterling on Posted in AI
The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look … Continue Reading

International Data Protection Update – First Quarter 2021

Photo of Nichole SterlingPhoto of Andreas KaltsounisPhoto of Melinda L. McLellanBy Nichole Sterling, Andreas Kaltsounis and Melinda L. McLellan on Posted in Data Protection
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months. Europe, the Middle East and Africa Cookies and Tracking Technologies – On March 31, 2021, the revised guidelines on cookies and trackers from the French data protection authority, … Continue Reading

Privacy and Product Counseling: 2020 in Review

Photo of Gerald J. FergusonPhoto of Nichole SterlingBy Kyle R. Fath, Gerald J. Ferguson and Nichole Sterling on Posted in Privacy
Summary Advising our clients on compliance with laws and regulations is, hands down, the most important aspect of our role as attorneys. In addition to seeking counsel on their obligations under laws and regulations, however – motivated by industry trends, utilization of and dependence on third-party services and platforms, and, this year, the COVID-19 pandemic … Continue Reading

European Authorities Release Back-to-Back Drafts Addressing Cross-Border Data Transfers

Photo of Melinda L. McLellanPhoto of Nichole SterlingBy Melinda L. McLellan and Nichole Sterling on Posted in EU, GDPR
Last week, both the European Data Protection Board (EDPB) and the European Commission released highly anticipated draft documents offering guidance to organizations that engage in cross-border data transfers involving EU personal data. The EDPB, an independent body responsible for consistent application of data protection rules throughout the EU, published draft recommendations on supplemental measures for transfer … Continue Reading

Employee Training and Record-Keeping Requirements in the Final CCPA Regulations and a Preview of New Retention Requirements in the CPRA

Photo of Nichole SterlingPhoto of James A. ShererBy Nichole Sterling and James A. Sherer on Posted in CCPA
The California Consumer Privacy Act (CCPA) does not in itself outline specific employee training or record-keeping requirements that demonstrate business compliance with the law. However, the California attorney general’s final CCPA Regulations, intended to guide the application of the CCPA, detail that specific types of employee training and record-keeping are required for CCPA compliance. Specifically, … Continue Reading

5 Key Things to Know about the Landmark Schrems II Decision

Photo of Andreas KaltsounisPhoto of Melinda L. McLellanPhoto of Jeewon SerratoPhoto of Nichole SterlingBy Andreas Kaltsounis, Melinda L. McLellan, Jeewon Serrato and Nichole Sterling on Posted in EU-U.S. Privacy Shield Framework, GDPR
Quick Links CJEU Press Release CJEU Decision Press Releases from the Parties Irish Data Protection Commission Max Schrems U.S. Department of Commerce Electronic Privacy Information Center (EPIC) BSA The Software Alliance DIGITALEUROPE 1. Is the EU-U.S. Privacy Shield framework dead? Yes, the Privacy Shield framework has been invalidated. The Court of Justice of the European … Continue Reading

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Photo of Nichole SterlingPhoto of Andreas KaltsounisPhoto of Melinda L. McLellanBy Nichole Sterling, Andreas Kaltsounis and Melinda L. McLellan on Posted in Enforcement
Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s head of compliance, risk and audit as its data protection officer (DPO). This decision should cause entities to reconsider appointing … Continue Reading

Record-Keeping and Training Requirements in the Proposed Regulations for the CCPA

Photo of Nichole SterlingPhoto of James A. ShererBy Nichole Sterling and James A. Sherer on Posted in CCPA
The California Consumer Privacy Act (CCPA), California Civil Code §1798.100 and following, does not in itself outline specific training and record-keeping requirements that demonstrate business compliance with consumer requests. However, in October 2019, the California attorney general proposed additional CCPA Regulations intended to guide the application of the CCPA, and Section 999.317 of the proposed … Continue Reading

Advocate General Opinion Supports Limiting the “Right to be Forgotten” to the EU

Photo of Nichole SterlingBy Laura E. Jehl, Emily R. Fedeles and Nichole Sterling on Posted in GDPR, International Privacy Law
On January 10, Advocate General Maciej Szpunar released an opinion recommending that Google and other search engines should not be forced to apply the EU’s “right to be forgotten” beyond the EU.  The advocates general assist the judges of the Court of Justice of the European Union (CJEU), providing independent legal solutions to issues presented … Continue Reading

The CLOUD Act and the Warrant Canaries That (Sometimes) Live There

Photo of James A. ShererPhoto of Nichole SterlingPhoto of Brittany YantisBy James A. Sherer, Nichole Sterling and Brittany Yantis on Posted in Cloud Computing
The Clarifying Lawful Overseas Use of Data Act (Pub. L. No. 115-141 (2018), or the CLOUD Act, was enacted in the U.S. on March 23, 2018, in response to difficulties U.S. law enforcement agencies (LEAs) had when attempting to gain access to data held by cloud service providers through Stored Communication Act (SCA) warrants, as … Continue Reading

European Court Provides Further Clarity on Employee Monitoring

Photo of Nichole SterlingBy Emily R. Fedeles and Nichole Sterling on Posted in International Privacy Law, Workplace Privacy
The September 5, 2017, decision of the Grand Chamber of the European Court of Human Rights (ECHR) in Bărbulescu v Romania (Bărbulescu) has interrupted a recent trend toward limiting privacy in the European workplace. The Bărbulescu decision held that a Romanian employee’s legally protected right to privacy was violated when his employer monitored personal messages … Continue Reading
LexBlog