Data Privacy & Cybersecurity PracticeOn June 28, 2018, California Governor Jerry Brown signed A.B. 375 into law, a robust bill that provides substantially broader privacy rights to California consumers regarding how certain businesses can collect, use, sell, and disclose their personal information. The new law requires such businesses to be more transparent in their data collection and sharing practices.
Read more »Data Privacy & Cybersecurity
-
California Enacts Sweeping, EU-Style Privacy Law Posted on: July 06, 2018 In: Data Privacy & Cybersecurity
-
Colorado Amends Data Breach Notification Statute Posted on: June 18, 2018 In: Data Privacy & CybersecurityOn May 29, 2018, Colorado Governor John Hickenlooper signed House Bill (“HB”) 1128 into law, amending the State’s data breach notification statute and imposing significant new requirements on entities that must notify Colorado residents of a data incident pursuant to Colo. Rev. Stat. § 6-1-716.
Read more »
-
Benefits of A Security Posture Assessment Posted on: May 07, 2018 In: Data Privacy & CybersecurityThe most difficult step to take in tackling the digital security goals of an organization is often the first one. Before responding to an audit, before scheduling a penetration test, before implementing a new privacy policy or formulating an incident response plan, the most important thing a company can do right from the start about security is to have a conversation.
Read more »
-
GDPR, Part VII: A Brief Guide to the GDPR Posted on: May 02, 2018 In: Data Privacy & CybersecurityOn May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will take effect. The primary objectives of the GDPR are to return control of “personal data” to EU citizens and residents and to simplify the regulatory environment for international business by unifying regulations within the EU.
Read more »
-
Protecting Against Ransomware Attacks: Security and Best Practices Tips Posted on: April 11, 2018 In: Data Privacy & CybersecurityEncryption attacks, more commonly known as ransomware, are one of the major cyber threats facing businesses today. No company is immune from threat of attack—any business that is connected to the internet is at risk. Industry experts estimate that a business falls victim to a ransomware event every 40 seconds.
Read more »
-
The United States of Data Breach Notification Posted on: April 10, 2018 In: Data Privacy & CybersecurityThe absence of comprehensive federal legislation on data breach notification has led to the development of a patchwork of state laws to ensure that individuals receive timely notification of data breaches that might impact their personal data.
Read more »
-
Oregon Amends Data Breach Notification Law Posted on: April 09, 2018 In: Data Privacy & CybersecurityIn March 2018, Oregon Governor Kate Brown signed into law new measures to strengthen the state’s existing data breach notification statute, ORS § 646A.604. The legislation is set to take effect in June 2018 and, among other things, will require organizations that experience a data breach affecting Oregon residents to notify affected individuals of the data breach within 45 days of its discovery, unless asked to delay notification by law enforcement.
Read more »
-
Virginia Imposes New Breach Notification Requirements on Tax Preparers Posted on: March 16, 2018 In: Data Privacy & CybersecurityOn Friday, March 9, 2018, Virginia Governor Ralph Northam signed H.B. 183, which imposes data breach notification requirements on certain tax preparers. The bill, introduced by Delegate Hala S. Ayala, had unanimous support in both the Virginia House and Senate.
Read more »
-
The End (of Net Neutrality) May Be Just the Beginning Posted on: March 07, 2018 In: Data Privacy & CybersecurityIn 2015 the Federal Communications Commission (FCC) issued its Open Internet Order, which reclassified landline and mobile broadband internet from an information service under Title I of the Communications Act of 1934 to a telecommunication service under Title II. This reclassification, commonly referred to as “net neutrality,” made internet service providers (ISPs) subject to most of the same regulations and oversight that govern other utilities, such as electricity and telephone services.
Read more »
-
Supreme Court Won’t Reconsider Standing Principles from Spokeo Posted on: February 05, 2018 In: Data Privacy & CybersecurityOn January 22, 2018, the United States Supreme Court denied a petition for writ of certiorari that requested review of the court’s May 2016 ruling in Spokeo, Inc. v. Robins. The 2016 Spokeo ruling concerned the types of injuries that are sufficient to confer standing to sue under Article III of the U.S. Constitution.
Read more »
-
The Meltdown and Spectre Bug Posted on: January 24, 2018 In: Data Privacy & Cybersecurity2018 kicked off with security researchers finding two serious security flaws in chips used in personal computers and mobile devices. The two flaws or bugs, named “Meltdown” (computers) and “Spectre” (mobile devices), make data stored in individual devices vulnerable to attack by allowing hackers to access and steal passwords, encryption keys, or other sensitive information from the device’s memory.
Read more »
-
GDPR, Part VI: What Are the Roles of U.S. Regulators? Posted on: December 21, 2017 In: Data Privacy & CybersecurityWhen the General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, the European Union (EU) will mark a sea change in how its member states will seek to protect and regulate the collection and use of EU citizens’ data. But as we have noted in our seven-part series analyzing the impact of Europe’s new data regulation and the hurdles that businesses will have to clear in order to comply with its provisions, the effects of the GDPR will not stop at the EU water’s edge.
Read more »
Blog Search
Featured Posts
- December 06, 2022 Just In Time: Last Minute Compliance Tips for the CPRA and VCDPA
Blog Tags
alabama
arkansas
biometric data
blockchain
breach notification
california
canada
ccpa
cisa
client notification
colorado
congress
connecticut
consumer data
consumer notification
consumer rights
coronavirus
covid-19
cpa
cppa
cpra
cryptocurrency
cyberattack
cyber insurance
cybersecurity
cyber threat
cyberwarfare
data breach
data privacy
data protection
data security
delaware
email
employment
equifax
eu
eu-u.s. privacy shield
european union
executive order
fbi
fcra
federal trade commission
financial fraud kill chain
fincen
fraud
ftc
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
human resources
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
managed service providers
maryland
massachusetts
microsoft
microsoft exchange servers
microsoft office 365
multi-factor authentication
multi-factor identification
new jersey
new mexico
new york
ninth circuit
nist security controls
north carolina
ofac
opt out
personal data
personal information
phishing
privacy law
privacy protection patchwork
protected health information
ransomware
regulations
reporting requirements
sec
social engineering
social media
statute
strengthening american cybersecurity act
supreme court
tax returns
treasury department
utah
video-teleconferencing
virginia
washington
wire transfers
workplace policy