On October 7, 2015, the Court of Justice of the European Union invalidated the U.S./E.U. Safe Harbor framework, on which many companies relied as a basis for the lawful transfer of personal information from the E.U. to the United States. The invalidation means that any company that had previously relied on the Safe Harbor to process personal information should evaluate alternatives. For more information, please see Goodwin Procter’s Client Alert.
Closer to home, California remains active on the privacy and data security front. As previously reported, we at Founders Workbench highlighted a settlement between Houzz, Inc. and the Office of the California Attorney General over Houzz’s practices of recording customer and employee conversations without providing proper notice (view post). And on October 8, 2015, Governor Jerry Brown signed into law the California Electronic Communications Privacy Act (CalECPA). This legislation, hailed by privacy advocates, now requires California government entities to get a warrant before accessing electronic information (with limited exceptions). CalECPA is broad and covers not just the content of electronic communications, but metadata and location data. In this time of increasing government scrutiny of all manners of electronic communications, companies of all sizes should be aware of their rights and what they need to turn over and what they do not. More information can be found in Goodwin Procter’s Client Alert.