wyrick.com
Contributor

Sean W. Fernandes

Sean W. Fernandes

Bio

Sean is a member of the firm’s Privacy & Data Security practice group.  He counsels clients on legal requirements regarding privacy, data security, and data protection applicable to their businesses.  He has experience with a variety of federal, state, and foreign privacy and data security laws and regulations, including biometric privacy laws such as the Illinois Biometric Information Privacy Act (BIPA), the California Consumer Privacy Act of 2018 (CCPA) and California Privacy Rights Act (CPRA), CAN-SPAM, the Colorado Privacy Act (CPA), the EU ePrivacy Directive and General Data Protection Regulation (GDPR), the Fair Credit Reporting Act (FCRA), the Federal Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), HIPAA, state data breach notification laws, the Stored Communications Act, the Video Privacy Protection Act (VPPA), the Virginia Consumer Data Protection Act (CDPA), and the Wiretap Act.  Sean has significant experience guiding clients through responses to security incidents and data breaches, including responses to regulatory investigations into data breaches, drafting privacy policies and notices, creating and advising on the administration of privacy and security compliance programs, drafting and negotiating privacy and security contracts, and advising on privacy and data security issues in M&A transactions. Sean holds a CIPP/US certification from the International Association of Privacy Professionals (IAPP).

View Full Bio

Sean's Posts

Illinois Adopts Business-Favorable Amendment to Biometric Information Privacy Act

The Illinois Biometric Information Privacy Act (“BIPA”) has posed significant litigation risk to businesses collecting biometric information since its adoption in 2008. Last year, an…

Read Post

Living in a Material World: SEC Clarifies Expectations Regarding Form 8-K Disclosure of Material Cybersecurity Incidents

Last month, the Director of the Division of Corporation Finance (“Director”) of the Securities and Exchange Commission (“SEC”) issued new guidance regarding…

Read Post

No Money, Mo’ Problems: DoorDash CCPA Enforcement Action Emphasizes Personal Information “Sales” Aren’t All About the Benjamins

The California Attorney General (“AG”) recently delivered (pun very much intended) a public CCPA enforcement action against DoorDash, its second following the…

Read Post

Empire State of Security: New York DFS Finalizes Significant Amendment to Financial Services Cybersecurity Regulation

The New York State Department of Financial Services (“NYDFS”), which regulates financial services institutions including banks, insurance companies, and mortgage brokers, finalized an…

Read Post

Nothing But NetChoice: Federal Court Blocks Enforcement of California Age-Appropriate Design Code

A federal court in the Northern District of California recently granted a preliminary injunction in NetChoice v. Bonta that enjoins enforcement of…

Read Post

Let’s Get Back Together?: What to Do About the EU-U.S. Data Privacy Framework Adequacy Decision

Earlier this month the EU Commission adopted an adequacy decision for the EU-U.S. Data Privacy Framework (”DPF”), which replaces the Privacy Shield…

Read Post

Same Old, Not Quite Same Old: Montana and Tennessee Adopt Comprehensive Privacy Laws, with a Unique Twist in Tennessee

The comprehensive state privacy law trend (and the related trend of enhanced job security for privacy professionals) shows no sign of slowing. Last month the…

Read Post

Privacy in the Heartland: Iowa to Become Sixth State with a Comprehensive Privacy Law

An Iowa comprehensive privacy law bill titled An Act Relating to Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions…

Read Post
Tag Icon

Not What the Doctor Ordered: GoodRx to Pay $1.5 Million in FTC’s First Enforcement of the Health Breach Notification Rule

The Federal Trade Commission earlier this month undertook an enforcement action against online pharmacy and telehealth provider GoodRx, in the latest example of the agency…

Read Post

2022 Hindsight: Breach Notification Year in Review

While new comprehensive state privacy laws took most of the headlines this year, security threats and incident response remain key risk factors for privacy…

Read Post

Minor Keys: Major Takeaways from New California Online Children’s Privacy Law

The California Age-Appropriate Design Code Act (the “Act”) recently became law and includes a number of online privacy-related requirements related to individuals under…

Read Post

Special (Category) Edition: CJEU Adopts Broad Interpretation of “Special Categories” of Personal Data Under GDPR

Earlier this month the Court of Justice of the European Union (“CJEU”) issued a decision adopting a surprisingly broad interpretation of the “special categories…

Read Post

Def-Conn 5: Connecticut Becomes the Fifth State to Adopt a General Privacy Law

Connecticut recently became the fifth state with a comprehensive consumer privacy law when Governor Ned Lamont signed An Act Concerning Personal Data…

Read Post

Four and Counting: Utah on Verge of Becoming the Fourth State to Adopt a Comprehensive Consumer Privacy Law

The Utah Consumer Privacy Act (UCPA) is on the verge of becoming law after recently passing both chambers of the Utah legislature…

Read Post
Tag Icon

App-etite for Notification: FTC Says “Welcome to the Jungle” to Mobile Health App Developers in Policy Statement on Health Breach Notification Rule

Last week’s news that the Federal Trade Commission is taking steps to begin rulemaking on consumer privacy and artificial intelligence drew plenty of attention from…

Read Post

Worth the Wait? Key Takeaways from California Attorney General CCPA Enforcement Case Summaries

Before the CCPA became enforceable on July 1, 2020, much ink was spilled (or many keys were hit) about the California Office of the Attorney…

Read Post

The Short Arm of GDPR? UK Court Decision Analyzes Application of GDPR to US-based Company

Organizations in the United States often ask us how to comply with GDPR. But starting with that question skips a key inquiry: the extent to…

Read Post

The Virginia Consumer Data Protection Act: Top 7 Things to Know Right Now

The Virginia Consumer Data Protection Act (CDPA) became law earlier this week when the state’s governor signed a bill recently adopted by the state’s…

Read Post

HIPAA for the Holidays: How OCR’s December HIPAA Notice of Proposed Rulemaking Could Impact Covered Entities

In case privacy lawyers did not have enough to keep up with over the holiday season (as we’ve mentioned, there’s already plenty to keep up…

Read Post

Fifth Time’s the Charm? Overview of the Latest Proposed CCPA Regulation Modifications

Last week, the California Office of the Attorney General (“OAG”) released another set of proposed modifications to its CCPA regulations, which makes five versions of…

Read Post

EU-US Data Transfers Under Fire: The CJEU’s Schrems II Decision

Last week the Court of Justice of the European Union (“CJEU”) issued a decision in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited…

Read Post

Some Restrictions Apply: Limits and Risks of OCR’s COVID-19 Notifications of HIPAA Enforcement Discretion

To help combat the ongoing COVID-19 pandemic, the Department of Health and Human Services (DHHS) and its Office for Civil Rights (OCR) has recently issued…

Read Post

Get Lost: Geolocation Privacy Claims Against Google Dismissed

Businesses’ use of geolocation technology is under significant public scrutiny, as demonstrated by a recent New York Times series spotlighting the practice and the…

Read Post

Unplug Social Media? How CJEU’s Fashion ID Ruling Could Affect Your Website

Weeks after the FTC fined Facebook $5 billion and the company entered a $100 million settlement with the SEC, Facebook has once again made significant…

Read Post