Data Privacy & Cybersecurity PracticeIn recent months, a total of 101 complaints have been filed against data exporters in Europe for allegedly transferring data to the United States in violation of the European Union’s General Data Protection Regulation (GDPR) by way of the use of Google Analytics. The first decision by the Austrian Data Protection Authority (DPA) on January 13, 2022 held that an Austrian company was in violation of GDPR for impermissibly transferring personal data to the US via Google Analytics.
Read more »Data Privacy & Cybersecurity
-
Austrian DPA Says Google Analytics Use Violates GDPR Posted on: February 08, 2022 In: Data Privacy & Cybersecurity
-
Recent Amendment to New York State Technology Law Demonstrates Rapid Evolution of Privacy Laws Posted on: December 29, 2021 In: Data Privacy & CybersecurityOn December 22, 2021, New York Governor Kathy Hochul signed into law New York Senate Bill 7019, amending New York State Technology Law § 209 in an effort to remedy the miscommunications between various state agencies regarding notices of data breaches. The law now requires the Office of Information Technology Services to take certain steps when it discovers a data breach or network security breach. We discuss the background and details of the new law in this post.
Read more »
-
Banking Organizations & Bank Service Providers Subject to New Computer-Security Incident Notification Rule Posted on: November 24, 2021 In: Data Privacy & CybersecurityOn November, 18, 2021, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency issued a joint final rule to establish computer-security incident notification requirements for banking organizations and their bank service providers. The final rule's new definition narrows the focus to those incidents most likely to materially and adversely affect BOs, while still retaining general consistency with the NIST definition.
Read more »
-
Fraud Liability for Government Contractors with Lax Cybersecurity Posted on: October 22, 2021 In: Data Privacy & CybersecurityThe Department of Justice announced on October 6, 2021 the creation of a new Civil Cyber-Fraud Initiative to pursue penalties against government contractors who do not properly comply with the cybersecurity standards required by their contracts. This new risk, under the False Claims Act, means that CISOs should consult with their lawyers before starting cybersecurity compliance audits.
Read more »
-
FTC Warns Health Apps, Connected Device Companies to Comply with Health Breach Notification Rule Posted on: September 22, 2021 In: Data Privacy & CybersecurityOn September 15, 2021, the Federal Trade Commission (FTC) released a policy statement to offer guidance on the scope of its Health Breach Notification Rule (the Rule) in relation to health applications and connected devices. The Rule, issued in 2009, helps ensure entities not covered under the Health Insurance Portability and Accountability Act (HIPAA) are held accountable when consumers’ sensitive health information that has been entrusted to them is compromised.
Read more »
-
OFAC September 2021 Advisory: Illusory Solutions to Soften the Enforcement Threat? Posted on: September 22, 2021 In: Data Privacy & CybersecurityOn September 21, 2021, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an updated advisory on potential sanctions risks for facilitating ransomware payments. The sanctions have been authorized by the International Emergency Economic Powers Act and the Trading with the Enemy Act with the purpose of disrupting funding for malicious cyber activities and limiting activities that may be adverse to U.S. national security and foreign policy objectives.
Read more »
-
China’s Personal Information Protection Law Brings Heightened Data Privacy Regulation to the People’s Republic Posted on: August 27, 2021 In: Data Privacy & CybersecurityOn August 20, 2021, at the closing meeting of China’s National People’s Conference Standing Committee in Beijing, lawmakers approved the Personal Information Protection Law (PIPL). The PIPL legislates for the protection of personal information and will take effect on November 1, 2021. For businesses transacting with China, the PIPL promises a shift in the way cross-border business is done. This post covers key provisions of the new law to help businesses prepare for the enactment of this legislation.
Read more »
-
Legislative Alert: Enhanced Privacy Protections Signed Into Law in Connecticut Posted on: July 21, 2021 In: Data Privacy & CybersecurityConnecticut is part of the steady stream of states enacting more complicated and demanding data privacy and cybersecurity laws in 2021. The state joins Colorado and California in adding both a new privacy law and a new cybersecurity law. In this post, we review the key elements of Connecticut's Act Concerning Data Privacy Breaches and its Act Incentivizing the Adoption of Cybersecurity Standards for Businesses.
Read more »
-
Legislative Alert: Colorado Privacy Act Passes State Senate, Signed Into Law By Governor Posted on: June 10, 2021 In: Data Privacy & CybersecurityOn June 8, 2021, the Colorado Senate passed the Colorado Privacy Act (CPA). It was then signed into law by Colorado Governor Jared Polis on July 7, 2021, and will go into effect on July 1, 2023. The CPA follows in the tradition of the California Consumer Privacy Act (CCPA) and Virginia’s Consumer Data Protection Act (CDPA) by creating consumer rights and imposing requirements on businesses to guarantee greater protections over consumers’ personal data.
Read more »
-
Backup, Separate, & Secure: White House Cyber Recommendations Reach the Private Sector Posted on: June 07, 2021 In: Data Privacy & CybersecurityOn Wednesday, June 2, Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger released an open letter encouraging businesses within the private sector to adopt immediate protections against ransomware and other cybersecurity threats. The recommendations in the letter are helpful and highlight high-level lessons learned from the increasing frequency and severity of ransomware attacks.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part VII: Penalties and Enforcement Mechanisms Posted on: June 02, 2021 In: Data Privacy & CybersecurityAs discussed throughout this series, the passage of the California Privacy Rights Act (CPRA) will change the privacy landscape in California and impact the compliance efforts of businesses serving California consumers. In addition to expansion of the rights promised to consumers under the California Consumer Privacy Act (CCPA), this seventh installment in our series discusses the new penalties and enforcement mechanisms for subject businesses created by passage of the CPRA on November 3, 2020.
Read more »
-
What’s in President Biden’s Executive Order on Improving the Nation’s Cybersecurity? Posted on: May 27, 2021 In: Data Privacy & CybersecurityOn May 12, 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity, emphasizing the current cyberattack landscape targeting the public and private sectors and the need to heighten efforts and increase resources to defend against this threat environment. The Order comes following recent high-profile cyber incidents, and echoes the NIST's Framework’s Five Functions. Parts of the Order will also directly affect federal contracts and its supply chain.
Read more »
Blog Search
Featured Posts
- December 06, 2022 Just In Time: Last Minute Compliance Tips for the CPRA and VCDPA
Blog Tags
audit
bank secrecy act
biometric data
blockchain
breach notification
california
canada
ccpa
cisa
client notification
colorado
congress
connecticut
consumer data
consumer notification
consumer rights
coronavirus
covid-19
cpa
cppa
cpra
cryptocurrency
cyberattack
cyber insurance
cybersecurity
cyber threat
cyberwarfare
data breach
data privacy
data protection
data security
delaware
email
employment
equifax
eu
eu-u.s. privacy shield
european union
executive order
fbi
fcra
federal trade commission
financial fraud kill chain
fincen
fraud
ftc
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
human resources
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
maryland
massachusetts
microsoft
microsoft exchange servers
multi-factor authentication
multi-factor identification
new jersey
new mexico
new york
ninth circuit
nist
nist security controls
ofac
office for civil rights
opt out
personal data
personal information
phishing
privacy law
privacy protection patchwork
protected health information
ransomware
regulations
russia ukraine conflict
sec
social engineering
social media
statute
supreme court
tax returns
utah
vcdpa
video-teleconferencing
virginia
w2
washington
websites
workplace policy
zoom