If you have been relying on last year’s court order staying the ability of the California Privacy Protection Agency (CPPA) to enforce regulations promulgated under the California Privacy Rights Act (CPRA) to also stay your...more
2/16/2024
/ Audits ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Contract Terms ,
Cybersecurity ,
Enforcement ,
New Regulations ,
Notice Requirements ,
Opt-Outs ,
Risk Assessment ,
Targeted Digital Advertising
Just ahead of the expected April release of the final SEC cybersecurity regulations, the SEC has fined Blackbaud, a donor data management platform used widely by nonprofits, $3 million dollars for "misleading disclosures" in...more
On April 28, 2022, the Connecticut legislature took the final step to become very close to passing comprehensive consumer privacy legislation as the Connecticut House of Representatives voted 144-5 in favor of Senate Bill 6,...more
5/4/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Connecticut ,
COPPA ,
Data Privacy ,
Data Security ,
Enforcement ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
Governor Lamont ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Private Right of Action ,
Proposed Legislation ,
State Privacy Laws
Colorado has now joined California and Virginia to become the third US state to pass a comprehensive data privacy legislation when Governor Jared Polis signed the Colorado Privacy Act (the “CPA”) into law on July 8, 2021. The...more
8/3/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Colorado ,
COPPA ,
Data Deletion ,
Data Protection ,
Enforcement ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Notice Requirements ,
Opt-Outs ,
Right of Access ,
State Privacy Laws
The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency.
The announcement from the Superintendent of Financial Services of the State...more
4/1/2020
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Compliance ,
Confidential Information ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Disclosure Requirements ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
Notice Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
Significant changes to the Massachusetts data breach notification law take effect on April 11, 2019. You can view the amendment here. If you haven’t looked at your written information security plan, or WISP, in a while, now’s...more
June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation. California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits. Yesterday, both houses...more
6/29/2018
/ Consumer Protection Laws ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Private Right of Action ,
Right to Be Forgotten ,
State and Local Government
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements,...more
6/7/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Hickenlooper ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
With the recent enactment of data breach notification laws in South Dakota and Alabama, all 50 US states now have laws regulating data breach notification. We’ve updated the Mintz Matrix (maintained by the Mintz Privacy Team...more
5/1/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
State and Local Government ,
State Data Breach Notification Statutes
Alabama has joined the “crazy quilt” of state data breach notification laws with the governor’s signature of the Alabama Data Breach Notification Act of 2018.
Things to take note of under the Alabama law...more
Only one U.S. state without a data breach notification law, that is.
South Dakota as become the 49th state to enact a data breach notification law, which take effect on July 1. The South Dakota law follows the pattern...more
As data breaches dominate national headlines it remains important as ever for businesses to invest in security and to be ready to respond if a breach occurs. Part of your preparedness program should be staying current on data...more
I. Introduction: Privacy Shield to Go Live August 1 (at Last) -
The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more
7/25/2016
/ Consent ,
Data Protection Authority ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Notice Requirements ,
Personal Data ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
State legislatures are not waiting for Congressional action on a national data breach notification standard.
Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the...more
There are quite a few privacy-related things taking effect July 1. Some reminders:
Florida Amendments to Data Breach Notification Law -
The Florida Information Protection Act of 2014 (“FIPA”) takes effect...more
There has been so much news swirling in the data privacy and security world in the last few days, that it has been difficult to keep up. We’ll give you a roundup here....more
4/21/2014
/ Cloud Computing ,
Data Breach ,
Debit and Credit Card Transactions ,
Facebook ,
Google ,
Heartbleed ,
Michaels ,
Microsoft ,
Network Security ,
Notice Requirements ,
Personally Identifiable Information
Today’s the day! Today marks the long-awaited compliance date for the HIPAA Omnibus Rule.
In case you have put any thoughts of compliance with the Omnibus Rule out of your mind, you can no longer escape.
Here...more
As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more
2/18/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Employee Retirement Income Security Act (ERISA) ,
Fundraisers ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
Notice Requirements ,
OCR ,
PHI ,
Privacy Rule ,
Risk Assessment ,
Subcontractors ,
Training