Data Privacy & Cybersecurity PracticeNon-compliance with the forthcoming General Data Protection Regulation (GDPR) can mean significant fines and administrative penalties for non-compliant data controllers and processors. The GDPR will go into effect on May 25, 2018, when the former Data Protection Directive 95/46/EC is repealed. While the former directive was binding on all EU member states, it left to the national authorities of each state the choice of “forms or methods” to achieve compliance with its intended results.
Read more »Data Privacy & Cybersecurity
-
GDPR, Part V: Understanding the Fines and Penalties Provisions Posted on: November 28, 2017 In: Data Privacy & Cybersecurity
-
GDPR, Part IV: The Data Subject Consent Provisions Posted on: November 21, 2017 In: Data Privacy & CybersecurityWith the forthcoming General Data Protection Regulation (GDPR) set to change the cybersecurity landscape of data collection and storage in the European Union (EU), one of the most important areas that organizations processing or storing EU citizens' data will need to ensure they are complying with is the GDPR's consent guidelines.
Read more »
-
Proposed Cybersecurity Legislation Casts A Wide Net For U.S. Ports Posted on: November 20, 2017 In: Data Privacy & CybersecurityOn November 7, 2017, Sens. Kamala Harris, D-Calif., and Dan Sullivan, R-Ark., introduced a bipartisan bill designed to strengthen cybersecurity measures in U.S. ports. The bill, S. 2083, is entitled “Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2017.” The bill comes in the wake of a ransomware attack in California that disabled the largest terminal in the Port of Los Angeles.
Read more »
-
GDPR, Part III: The Data Protection Officer Requirement Posted on: November 13, 2017 In: Data Privacy & CybersecurityThis seven-part series analyzes the ways in which the forthcoming General Data Protection Regulation (GDPR), effective May 25, 2018, will impact the regulatory landscape for entities doing business with or transacting in the data of European Union citizens. The first part of this series provided an overview of the history of pre-GDPR European data protection law. The second installment focused on the GDPR’s breach notification requirements.
Read more »
-
GDPR, Part II: Personal Data Breach Notification Requirements Posted on: November 01, 2017 In: Data Privacy & CybersecurityThis seven-part series analyzes the ways in which the General Data Protection Regulation (GDPR), which goes into effect May 25, 2018, will impact the regulatory landscape for entities doing business with, or transacting in the data of European Union citizens. The first part of the series provides an overview of the history of pre-GDPR European data protection law. Future installments will each address a discrete aspect of the GDPR itself.
Read more »
-
GDPR, Part I: History of European Data Protection Law Posted on: October 26, 2017 In: Data Privacy & CybersecurityIn today’s global marketplace, organizations must comply with an increasingly complicated set of international laws and regulations. This article is the first in a seven-part series which seeks to explain, in plain English, the critical compliance requirements of the European Union’s forthcoming General Data Protection Regulation (GDPR).
Read more »
-
State of the (State) Data Breach Laws: 2017 Legislative Update, Part III Posted on: October 24, 2017 In: Data Privacy & CybersecurityWith 2017 nearing its end, the legislative activity in most state capitals has wound down and the majority of legislatures have ended their 2017 sessions. In Part I and Part II of our series, we looked at how a number of states amended or enacted data breach notification-related legislation (Arkansas, Delaware, Maryland, New Mexico, and Tennessee).
Read more »
-
State of the (State) Data Breach Laws: 2017 Legislative Update, Part II Posted on: October 12, 2017 In: Data Privacy & CybersecurityAs we noted in Part I of our series, state legislatures across the country continued to refine and reshape their respective data breach notification requirements during the 2017 legislative session. While a handful of states were successful in passing new data breach notification legislation, some of those states significantly revised just when, how, and under what circumstances an entity has to notify affected consumers of a data breach.
Read more »
-
State of the (State) Data Breach Laws: 2017 Legislative Update, Part I Posted on: September 26, 2017 In: Data Privacy & CybersecurityWith the summer winding down and children already heading back to school, most state legislators have already said “sine die” to the 2017 legislative session. And like in legislative sessions over the past few years, data security and data breach notification continued to occupy the legislative calendars of state houses across the country in 2017. During the past session, a myriad of bills affecting breach notification requirements were proposed in numerous state legislatures.
Read more »
-
Executive Management Guide to Cybersecurity: A Conversation with Your IT Team Posted on: August 29, 2017 In: Data Privacy & CybersecurityGiven the tremendous economic and reputational costs of recent cyber attacks, executives are increasingly attempting to better understand the risk to their information systems. They’ve heard about the impact of data breaches on their peer corporations, and they’ve read about the huge fines levied by federal regulatory agencies. They’ve developed an increased sense of urgency to become better educated.
Read more »
-
What You Don’t Know Can Hurt You Posted on: August 24, 2017 In: Data Privacy & CybersecurityThe need to protect patient information from unauthorized disclosure is nothing new for healthcare providers. However, healthcare providers cannot adequately protect the security and integrity of their patients’ information if they do not first know what threats they face. A string of recent enforcement actions and corresponding high-dollar settlements with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) demonstrates that the agency takes threat identification seriously.
Read more »
-
Ransomware and Encryption Attacks Posted on: August 15, 2017 In: Data Privacy & CybersecurityAs organizations move towards the efficiencies of a “paperless office,” the very same internet-facing technologies that help create a more efficient and productive workplace can also greatly increase the risk of suffering a significant ransomware or encryption attack.
Read more »
Blog Search
Featured Posts
- December 06, 2022 Just In Time: Last Minute Compliance Tips for the CPRA and VCDPA
Blog Tags
alabama
arkansas
biometric data
blockchain
breach notification
california
canada
ccpa
cisa
client notification
colorado
congress
connecticut
consumer data
consumer notification
consumer rights
coronavirus
covid-19
cpa
cppa
cpra
cryptocurrency
cyberattack
cyber insurance
cybersecurity
cyber threat
cyberwarfare
data breach
data privacy
data security
delaware
email
employment
equifax
eu
eu-u.s. privacy shield
european union
executive order
fbi
fcra
financial fraud kill chain
fincen
fraud
ftc
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
human resources
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
managed service providers
maryland
massachusetts
microsoft
microsoft exchange servers
microsoft office 365
multi-factor identification
new jersey
new mexico
new york
ninth circuit
nist security controls
north carolina
ofac
opt out
personal data
personal information
phishing
privacy law
privacy protection patchwork
protected health information
ransomware
regulations
reporting requirements
russia ukraine conflict
sec
social engineering
social media
statute
strengthening american cybersecurity act
supreme court
tax returns
treasury department
utah
video-teleconferencing
virginia
washington
websites
wire transfers
workplace policy
zoom