Select Page

Author: Norton Rose Fulbright LLP

New California “sanctuary” law restricts access to workers and their records

A new state law places California businesses on the front line in responding to federal immigration enforcement actions.  Effective January 1, 2018, AB 450 requires California employers to protect employees and their private information from warrantless “workplace raids” and I-9 form demands, and to warn employees who become targets of an immigration investigation. Background Under federal law, immigration agents may arrive unannounced at a worksite for the purpose of investigating employees’ authorization to work in the U.S.  Agents may enter non-public areas of the workplace only with a judicial warrant or the employer’s consent.  Once inside, agents may demand...

Read More

South Dakota and Colorado strengthen data breach protections

Last week, South Dakota moved closer to implementing a data breach notification law, while Colorado legislators introduced a new bill requiring “reasonable security procedures,” imposing data disposal rules and shortening the time frame in which to alert authorities regarding a breach.  South Dakota and Colorado are the latest states taking steps in cybersecurity lawmaking in light of Congress’s inaction regarding data breach legislation. South Dakota On Tuesday, January 23, 2018, the South Dakota State Senate Judiciary Committee passed a bill that would require companies to inform consumers of any “unauthorized acquisition” of personal data, unless the company and the...

Read More

New security requirements issued for credit card payments on mobile devices

On January 24, 2018, the governing body for credit and debit cards, known as the Payment Card Industry (PCI) Security Standards Council, announced a new set of security requirements designed to address an increasingly popular way that merchants offer to consumers to pay for purchases:  smartphones and tablets.  Especially for smaller merchants, the ability to use a mobile point-of-sale solution offers flexibility, efficiency, and convenience—all enhancing the customer experience. As of October 1, 2015, however, payment mechanisms got more complicated, as the United States began implementing a new credit card security standard called EMV.  (EMV is an acronym for...

Read More

European Commission issues new GDPR guidance

The GDPR will come into force exactly four months from Wednesday.  In preparation, the European Commission has released a new website with extensive guidance on GDPR implementation, together with a Fact Sheet containing Q&As on the GDPR.  While much of the guidance is already known to privacy professionals, there are new insights as well. For example, the Commission posted a Communication explaining that it has convened an “Expert Group” (which has already met 13 times) to assist Member States in GDPR implementation. The Communication also describes the “infringement procedure,” which would be implicated should a Member State fail to properly...

Read More

Recent Posts – All categories