Preparing for the Virginia Consumer Data Protection Act

Beginning June 1, 2023, the Virginia Consumer Data Protection Act (CDPA) will come into effect for Virginia businesses and consumers.

What is the CDPA?

At its core, the CDPA is a data privacy law intended to provide guardrails on how businesses use and store the data of Virginia consumers. Virginia was the second state to pass a state data privacy law after California’s California Consumer Privacy Act (CCPA).

The CDPA will apply to covered businesses that conduct business in Virginia or affect Virginia commerce through targeting products and/or services to Virginia residents.  For the CDPA to apply to a company, it must either:

  • Control or process the personal data of at least 100,000 consumers during a calendar year; or
  • Process the personal data of at least 25,000 consumers and derive more than 50 percent of their gross revenue from selling personal data.

Personal data in this context includes “any information that is linked or reasonably linkable to an identified or identifiable natural person.”

What are the CDPA requirements?

The CDPA draws on concepts from the California Privacy Rights Act, CCPA, and the General Data Protection Regulation (GDPR) by establishing consumer rights relating to Privacy.

The main areas of the CDPA that businesses should prepare for are as follows:

Continue reading

Conn Maciel Carey’s 2022 Labor and Employment Webinar Series

2022 LE Webinar Series

Announcing Conn Maciel Carey’s 2022 Labor and Employment Webinar Series

The legal landscape facing employers seems as difficult to navigate as it has ever been.  Keeping track of the ever-changing patchwork of federal, state and local laws governing the workplace may often seem like a full-time job whether you are a human resources professional, in-house attorney or  business owner.  Change appears to be the one constant.  As we enter Year 2 of President Biden’s Administration, employers will continue to closely track the changes taking place at the NLRB, the DOL and the EEOC.  At the same time, a number of states will continue introducing new laws and regulations governing workplaces across the country, making it more important than ever for employers to pay attention to the bills pending in the legislatures of the states where they operate.

​Conn Maciel Carey’s complimentary 2022 Labor and Employment Webinar Series, which includes monthly programs (sometimes more often, if events warrant) put on by attorneys in the firm’s national Labor and Employment Practice, will focus on a host of the most challenging and timely issues facing employers, examining past trends and looking ahead at the issues most likely to arise.

To register for an individual webinar in the series, click on the link in the program description below. To register for the entire 2022 series, click here to send us an email request, and we will register you.  If you missed any of our programs from the past seven years of our annual Labor and Employment Webinar Series, here is a link to an archive of recordings of those webinars. 

2022 Labor and Employment Webinar Series – Program Schedule

Continue reading

Announcing Conn Maciel Carey’s 2021 Labor and Employment Webinar Series

2021 Labor and Employment Webinar Series

The legal landscape facing employers seems as difficult to navigate as it has ever been.  Keeping track of the ever-changing patchwork of federal, state and local laws governing the workplace may often seem like a full-time job whether you are a human resources professional, in-house attorney or  business owner.  Change appears to be the one constant.  As President Trump’s Administration comes to an end, employers will continue to closely track the changes taking place at the NLRB, the DOL and the EEOC.  At the same time, a number of states will continue introducing new laws and regulations governing workplaces across the country, making it more important than ever for employers to pay attention to the bills pending in the legislatures of the states where they operate.  This complimentary webinar series will focus on a host of the most challenging and timely issues facing employers, examining past trends and looking ahead at the issues most likely to arise.

Conn Maciel Carey’s complimentary 2021 Labor and Employment Webinar Series, which includes (at least) monthly programs put on by attorneys in the firm’s national Labor and Employment Practice, is designed to give employers insight into legal labor and employment developments.

​To register for an individual webinar in the series, click on the link in the program description below. To register for the entire 2021 series, click here to send us an email request, and we will register you. If you missed any of our past programs from our annual Labor and Employment Webinar Series, click here to subscribe to our YouTube channel to access those webinars.


2021 Labor & Employment Webinar Series – Program Schedule

California Employment Law Update for 2021

Wednesday, January 20th

Marijuana, Drug Testing and Background Checks

Tuesday, July 13th

COVID-19 Vaccine: What Employers Need to Know

Thursday, February 11th

Employee Misconduct Defense & Employment Law

Wednesday, August 11th

Employment Law Update in D.C, MD, VA and Illinois

Wednesday, March 24th

Employee Handbooks, Training and Internal Audits

Tuesday, September 21st

Withdrawal Liability Pensions

Wednesday, April 14th

NLRB Update

Tuesday, October 19th

ADA Website Compliance Issues –  Best Strategies for Employers

Tuesday, May 18th

Avoiding Common Pitfalls: Non-Compete, Trade Secrets and More!

Wednesday, November 10th

What to Expect from DOL Under the Biden Admin.

Wednesday, June 16th

Recap of Year One of the Biden Administration

Tuesday, December 14th

   

See below for the full schedule with program descriptions, dates, times and links to register for each webinar event.

Continue reading

Digital Threats Continue to Confront the Hospitality Industry

shutterstock_217014265Cybersecurity and digital threats were a hot topic at ALIS Law, a conference for hotel owners and operators, in Los Angeles last month.  I had a pleasure of moderating a session on “threats in a digital world” with senior executives from national hotel management and ownership groups.  In our session, we discussed what were some of the pressing and most concerning digital threats that kept the hospitality industry up at night.  Here are some highlights and take-aways from the session:

  • Cybersecurity and hacks from foreign and domestic threats remain a top concern. Many hotels have been engaging in surveillance as one method of cyber protection.  It was noted how much the investment in technology to prevent, address, and respond to cybersecurity issues has increased for both owners and operators.  While owners may bear the cost on their profit & loss statement, and management companies are putting in policies, owners are adding property specific monitoring.  It was discussed that one global hotel company, Hyatt Hotels, recently announced a bug bounty program whereby they will be paying ethical hackers to monitor their systems, including mobile applications, for potential risks and where credible risks or threats are found – the hackers will be compensated – which is a novel approach in the hospitality industry.
  • While cybersecurity threats have been a focus, one repeated concern is the threat of harm to a hotel’s reputation due to guests and third parties spreading false information on social media sites, such as LinkedIn, Yelp, and Trip Advisor. To address these concerns, hotel operators talk with their teams daily about the consequences of false information or a bad review and take steps to remove false reviews if possible.  Others noted that removing a false review from a site like Trip Advisor can be challenging unless the company is able to prove that the review was posted for criminal reasons or demonstratively false.
  • One consequence of a cybersecurity hack beyond the disclosure of guest information is if a hacker was able to secure personal identifiable information of a hotel company’s investors and borrowers. If investors are concerned that a hotel company is not protecting their highly confidential and personal financial information, that would have a significant impact on the reputational harm to the company.
  • Some of the best practices that owner and operators have put into place is an incident response plan to respond to a threat. In doing so, a key question is who you need at the table to decide how to move forward (IT / GC / PR / Owner) and what elements do you need to put into place.  In addition, implementing policies and procedures on the front end is critical.  For example, from an accounting perspective, having controls in place that can protect where the money is going and where it is coming from and ensuring that there are multiple approvals before money is sent out electronically.  Finally, training staff on the policies and procedures so that the right people are getting the right information.  Managers need to judge and reward staff for compliance with the policies because while a company continue to monitor and audit, training is only effective if compliance is monitored.  For example, one company reported conducting more secret shoppers to determine whether someone can drop a flash drive into a front desk computer to tap into the network.

Unfortunately, cybersecurity risks and threats are not going away anytime soon, but with planning and focus on this important issue, hotel owners and operators can get ahead of some of the threats and take control and strong action if a risk materializes.