Data, privacy and cybersecurity issues are critical for companies that collect, use, process, store, license and/or disclose personally identifiable information (“Personal Information”), whether from customers or prospects, employees, business partners or other third parties. The regulation of privacy and data security continues to rapidly evolve. Many of these laws may be sector specific or intended to address specific uses, for example the collection and use of biometric data, personal data in the advertising sector or financial services sector, or products and services that are child directed or can prompt young children to provide their personal information.
If you are doing business in the European Union (“EU”), you should consider the whether your company is subject to EU privacy and data protection requirements, including the General Data Protection Regulation or GDPR other EU rules governing marketing communications or other specific data driven activities.
If you collect personal information from California consumers you may be subject to the recently enacted California Consumer Privacy Act is intended to give individuals control significantly enhanced control over their data and restrict certain downstream uses of personal data.