David M. Stauss

David M. Stauss

David Stauss is a partner at Husch Blackwell LLP and co-leader of the firm’s privacy and data security practice group. David regularly assists clients in preparing for and responding to data security incidents, including managing multi-state breach notifications. He also regularly counsels clients on complying with existing and emerging privacy and information security laws, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA) and state information security statutes. To stay up to date on these issues, subscribe to Husch Blackwell’s privacy blog. Stauss can be reached at david.stauss@huschblackwell.com.

Articles

ARTICLES

technology-data freepik

European Commission adopts new standard contractual clauses

Keypoint: Companies using the previous standard contractual clauses will have eighteen months to transition to the new documents.
david stauss
David M. Stauss
June 21, 2021
Earlier this month, the European Commission announced that it has adopted “two sets of standard contractual clauses, one for use between controllers and processors and one for the transfer of personal data to third countries.” The new SCCs take into account new requirements under the General Data Protection Regulation as well as the Court of Justice’s Schrems II opinion.
Read More
privacy freepik

CPRA update: Board appointments announced for California Privacy Protection Agency

Keypoint: The appointment of the five California Privacy Protection Agency board members is the first significant step to the California Privacy Rights Act becoming fully operative in 2023.
david stauss
David M. Stauss
March 24, 2021
On March 17, California officials announced the establishment of the five-member inaugural board for the California Privacy Protection Agency (CPPA). The CPPA was established by the California Privacy Rights Act (CPRA), which California voters approved in the November election. The CPPA will take over rulemaking duties from the California Attorney General’s office and will administratively enforce the CPRA. Given that California has the world’s fifth largest economy, the CPPA has the potential to be one of the most important data privacy authorities in the world.
Read More
cyber freepik

CCPA update: New regulations approved

Keypoint: Modifications to the CCPA regulation’s provisions regarding requests to opt-out and authorized agent requests are now final.
david stauss
David M. Stauss
March 23, 2021
On March 15, 2021, the California Attorney General’s office announced that the Office of Administrative Law has approved the Attorney General’s proposed changes to the CCPA regulations. The new regulations make three general changes relating to the right to opt out of sales and one change to authorized agent requests. In addition, the Attorney General’s press release reaffirms that enforcement activities are proceeding.
Read More
data-enews

Analyzing the draft standard contractual clauses

Once finalized, US entities can use the new Standard Contractual Clauses to legally transfer data out of the EEA when combined with appropriate supplementary measures.
david stauss
David M. Stauss
December 1, 2020
As discussed in our prior post, on November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses (SCCs) for the transfer of personal data to third countries and draft standard contractual clauses. Once finalized, the SCCs will replace the existing SCCs for data transfers out of the EEA.
Read More
Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

Analyzing the EDPB’s draft recommendations on supplementary measures

In the wake of Schrems II, the EDPB’s much-anticipated recommendations provide extensive guidance on supplementary measures parties can use to legally transfer data out of the EEA in the absence of an adequacy decision.
david stauss
David M. Stauss
November 20, 2020

In a flurry of activity last week, the European Data Protection Board (EDPB) and the European Commission made major announcements affecting cross-border data transfers out of the EEA. First, the EDPB announced the adoption of draft recommendations on measures that supplement cross-border data transfer tools as well as recommendations on the European Essential Guarantees for surveillance measures. The below post will examine the EDPB’s draft recommendations on supplementary measures. The draft new standard contractual clauses will be discussed in a separate post.


Read More
Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

What U.S. companies should know about LGPD – Brazil’s new General Data Protection Law

LGPD is a complicated regulatory regime that will required U.S. entities subject to its requirements to undertake substantial compliance efforts.
david stauss
David M. Stauss
September 23, 2020
As documented in Dirceu Santa Rosa’s article for the IAPP’s Privacy Tracker, efforts to delay the effective date of Brazil’s General Data Protection Law – Lei Geral de Proteção de Dados or LGPD – recently failed, and the law is expected to go into force in the coming days. Brazil’s federal government also published a decree approving the regulatory structure of the Autoridade Nacional de Proteção de Dados, i.e., Brazil’s national data protection authority.
Read More
cyber

Switzerland’s DPA concludes that Swiss-US Privacy Shield does not provide adequate level of protection

david stauss
David M. Stauss
September 18, 2020
The fallout from the Schrems II judgment continued with an announcement from Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) that the Swiss-US Privacy Shield regime “does not provide an adequate level of protection for data transfer from Switzerland to the US pursuant to [Switzerland’s] Federal Act on Data Protection (FADP).”
Read More
SEC0219-data-Feat-slide1_900px

European Commission and EDPB provide update on efforts to address cross-border transfers after Schrems II

Keypoint: Representatives of the European Commission and EDPB advised that further guidance on cross-borders data transfers are forthcoming.
david stauss
David M. Stauss
September 11, 2020
Last week, Didier Reynders, European Commissioner for Justice, and Dr. Andrea Jelinek, Chair of the European Data Protection Board (EDPB), appeared at a hearing conducted by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, and updated committee members on their work since the Schrems II decision. In his remarks, Mr. Reynders identified three main areas on which the Commission is focusing.
Read More
SEC0219-data-Feat-slide1_900px

CCPA update: Analyzing the changes to the final CCPA Regulations

david stauss
David M. Stauss
malia rogers
Malia Rogers
August 18, 2020

On Friday, August 14, 2020, the California Office of Administrative Law (OAL) approved the California Office of the Attorney General’s (OAG) final CCPA regulations and filed them with the California Secretary of State (SOS). The regulations were immediately effective. Notably, the final text of the regulations submitted to the SOS was modified from the one filed with the OAL. The OAG published an Addendum to the Final Statement of Reasons setting forth the changes. Many of the changes are stylistic and grammatical. However, some of the changes are substantive and will impact compliance efforts. The most notable changes are discussed below.


Read More

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

SUBSCRIBE TODAY!