Last week, Erik Gerding, Director of the SEC’s Division of Corporation Finance (the Division), issued a statement providing clarification regarding the disclosure of cybersecurity incidents by reporting companies. This...more
6/4/2024
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Foreign Private Issuers ,
Form 8-K ,
Investors ,
New Rules ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Voluntary Disclosure
The push by U.S. states to pass data privacy laws continues with Maryland being the 18th state to join their ranks. However, Maryland has taken a more stringent and comprehensive approach than many of its peers: Governor Wes...more
5/17/2024
/ Commodity Exchange Act (CEA) ,
Consumer Privacy Rights ,
COPPA ,
Data Protection ,
Fines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Maryland ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personal Information ,
Popular ,
Securities Exchange Act
As U.S. states continue to pass data privacy legislation, Maryland has gone above and beyond in signing both the Maryland Online Data Privacy Act of 2024 (MODPA) and the Maryland Age Appropriate Design Code (HB 603/SB...more
5/17/2024
/ COPPA ,
Covered Entities ,
Data Management ,
Data Protection ,
Fines ,
Gramm-Leach-Bliley Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Maryland ,
Minor Children ,
Penalties ,
Personal Data ,
Popular ,
Privacy Laws ,
Safety Standards
Will the U.S. finally join most developed nations and pass a comprehensive federal privacy law? Some believe this may be the year that the U.S. does just that....more
2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California, Colorado, Connecticut, Utah and Virginia. Already...more
4/16/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Exemptions ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Jersey ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Personal Information ,
Private Right of Action ,
Reporting Requirements ,
State Privacy Laws
New Hampshire’s New Law is on the Books -
2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California,...more
4/15/2024
/ Consumer Rights Directive ,
Controlled Substances Act ,
Data Collection ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Penalties ,
Personal Data ,
Private Right of Action ,
State Privacy Laws
After years of internal discussion, the Board of the California Privacy Protection Agency (CPPA), at their March 8th meeting, voted to progress toward formalizing the proposed regulations on risk assessments and automated...more
3/26/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
California Privacy Protection Agency (CPPA) ,
Corporate Counsel ,
Cybersecurity ,
Employment Discrimination ,
Information Sharing ,
Personal Information ,
Policy Updates ,
Privacy Laws ,
Proposed Regulation ,
Risk Assessment
If you have been relying on last year’s court order staying the ability of the California Privacy Protection Agency (CPPA) to enforce regulations promulgated under the California Privacy Rights Act (CPRA) to also stay your...more
2/16/2024
/ Audits ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Contract Terms ,
Cybersecurity ,
Enforcement ,
New Regulations ,
Notice Requirements ,
Opt-Outs ,
Risk Assessment ,
Targeted Digital Advertising
A number of significant regulatory, legal, market, and ESG-related developments and issues will affect how public companies approach the upcoming year-end reporting process. As in past years, Mintz has prepared an in-depth...more
12/18/2023
/ 10b5-1 Plans ,
Artificial Intelligence ,
Chief Information Security Officer (CISO) ,
Clawbacks ,
Climate Change ,
Corporate Governance ,
Cybersecurity ,
Enforcement Actions ,
Environmental Social & Governance (ESG) ,
Form 10-K ,
Form 8-K ,
Nasdaq ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Shareholder Meetings ,
Trading Plans ,
Year-End Planning
The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”), is regarded as one of the strongest and most comprehensive privacy laws in the United States and in recent...more
10/16/2023
/ Abortion ,
California ,
California Consumer Privacy Act (CCPA) ,
Citizenship ,
Corporate Counsel ,
Data Brokers ,
Do Not Call List ,
Federal Trade Commission (FTC) ,
Immigration ,
Reproductive Healthcare Issues ,
Sensitive Personal Information
If you are in the consumer health space, you have (or at least we hope you have...) figured out by now that there are health-related privacy and security laws and regulations that apply to your business. The Federal Trade...more
Several states have clarified or tightened their data breach notification statutes since we last updated the Mintz Matrix at the beginning of the year. Please click here for the latest edition of the Mintz Matrix, which is a...more
The California Privacy Protection Agency (CPPA) has released its agenda for the September 8 board meeting, which includes (among other topics) presentation of a draft Cybersecurity Audit Regulation and a draft Risk Assessment...more
8/30/2023
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Selling ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Risk Assessment ,
Rulemaking Process
In a narrow 3-2 decision on July 26, the SEC adopted its final rule concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”). Below we highlight some of the principal changes...more
8/2/2023
/ Compliance ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 8-K ,
Incident Response Plans ,
Information Governance ,
National Security ,
Policies and Procedures ,
Public Safety ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Texas has joined the growing list of states enacting comprehensive consumer data privacy laws. On June 18, 2023, Governor Abbott (R) signed H.B.4, otherwise known as the Texas Data Privacy and Security Act (“TDPSA”). The...more
Does your business collect or use fingerprints? Do your building access points use retina, finger, or palm scans? Does your security office use facial recognition technology to identify repeated trespassers? Do your phone...more
7/7/2023
/ Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consent ,
Data Collection ,
Data Privacy ,
Data Security ,
Deceptive Intent ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Fingerprints ,
FTC Act ,
Personal Data ,
Personally Identifiable Information
Judge James Arguelles has sided with California businesses in holding that the California Privacy Protection Agency (CPPA) cannot start enforcement of regulations promulgated under the California Privacy Rights Act (CPRA) for...more
Florida has joined the growing list of states enacting comprehensive privacy laws. Governor Ron DeSantis (R) signed the Florida Digital Bill of Rights (“FDBR”) into law on June 6th. How does it compare?...more
6/12/2023
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Corporate Counsel ,
Data Privacy ,
FERPA ,
Financial Institutions ,
Fines ,
Florida ,
Governor DeSantis ,
Gramm-Leach-Bliley Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Penalties ,
Personal Data ,
Privacy Laws ,
Private Right of Action ,
Search Engines
Blaming a "data retention glitch," Microsoft has agreed to pay the Federal Trade Commission $20 million to settle allegations that the company's Xbox gaming system has illegally collected personal information from children...more
6/8/2023
/ COPPA ,
Corporate Counsel ,
Data Collection ,
Data Retention ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Personal Information ,
Regulatory Violations ,
Settlement ,
Xbox
Our May Madness series is getting you caught up on comprehensive privacy legislation passing state legislatures across the nation. In April, governors signed legislation in Tennessee and Indiana, and this month ahead of...more
I hear this frequently: "We've moved everything to the cloud, so our security is good." Maybe yes, maybe no. Cloud applications operate on a "shared responsibility" model, which means that the cloud provider will have a...more
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11.
Tennessee joins a growing...more
5/12/2023
/ California Consumer Privacy Act (CCPA) ,
Controlled Substances Act ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Farm Credit Administration ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Nonprofits ,
Opt-Outs ,
Penalties ,
Personal Information ,
Private Right of Action ,
State Privacy Laws ,
Tennessee
Indiana's New Law is on the Books -
Last month, three more state legislatures passed comprehensive data privacy laws. Just this week, Indiana’s governor signed one of them - the Indiana Consumer Data Privacy Act (“ICDPA”) -...more
5/4/2023
/ Cybersecurity ,
Data Privacy ,
Fair Credit Reporting Act (FCRA) ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Nonprofits ,
Penalties ,
Personal Data ,
Personal Information ,
Private Right of Action ,
Public Utility ,
State Privacy Laws
Just ahead of the expected April release of the final SEC cybersecurity regulations, the SEC has fined Blackbaud, a donor data management platform used widely by nonprofits, $3 million for "misleading disclosures" in...more
The FBI and the Cybersecurity & Infrastructure Security Agency have been warning the healthcare sector for years about vulnerabilities and ransomware gangs targeting those vulnerabilities. With millions of records -- and...more