Data

China 301 List 3 Exclusion Process Announced

Photo credit: iStock.com/FilmColoratStudio

By Susan Kohn Ross

 

In the June 20, 2019 pre-publication edition of the Federal Register, the U.S. Trade Representative announced the long awaited process for seeking exclusions for goods on List 3, the one which recently went from 10% to 25%. While the exclusion process itself generally mirrors the process applied to those goods on Lists 1 and 2, there are a few differences, but let’s start at the beginning.

Any exclusion request for List 3 goods must be filed between June 30 and September 30, 2019. The request must be filed through the portal: http://exclusions.ustr.gov (active beginning June 30, 2019). One new wrinkle is parties must register in the portal before filing. (more…)

CA Consumer Privacy Act Gets a Rewrite

Cybersecurity of network of connected devices and personal data security

Photo credit: iStock.com/NicoElNino

By Susan Kohn Ross

When the law was signed by then Governor Brown (see our prior Alert here), the expectation was that Attorney General Becerra would issue the enabling regulations by July of this year, which would allow a phase-in period. Then by January 1, 2020, the requirements would be clear and companies would be able to properly formulate and implement their compliance policies. Regretfully, things are not going as expected.

First, in accordance with the law, General Becerra organized a series of public meetings: (more…)

The GDPR is Coming – Are You Ready?

GDPR Webinar Invite l BackgroundBy Susan Kohn Ross and Aaron Wais

On May 25, 2018, important European regulations regarding data privacy and protection go into effect that will have a major impact on American companies, many of whom don’t realize they will be subject to compliance with its requirements. The General Data Protection Regulations (the “GDPR”) will have severe penalties for non-compliance (as high as €20 million or 4% of annual worldwide turnover). The GDPR will also have very broad territorial reach applying not only to European entities, but also to entities located outside of Europe (including those in the U.S.) that process the personal data of living European individuals residing in the covered countries, including if the company:

  • Offers goods or services to individuals in the covered countries (e.g., e-commerce, capital raising, fund raising, immigration);
  • Employs individuals in one or more of the countries;
  • Monitors the behavior of individuals in any of these countries; and
  • Collects, stores, or processes the personal data of affected individuals on behalf of others.

For these purposes, the European definition of personal data mirrors nicely the American definition of personally identifiable information. Given the severe penalties and broad reach, it is important that each company in the U.S. consider whether the GDPR applies to its operations and, if so, how best to comply. (more…)