After years of internal discussion, the Board of the California Privacy Protection Agency (CPPA), at their March 8th meeting, voted to progress toward formalizing the proposed regulations on risk assessments and automated...more
3/26/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
California Privacy Protection Agency (CPPA) ,
Corporate Counsel ,
Cybersecurity ,
Employment Discrimination ,
Information Sharing ,
Personal Information ,
Policy Updates ,
Privacy Laws ,
Proposed Regulation ,
Risk Assessment
If you have been relying on last year’s court order staying the ability of the California Privacy Protection Agency (CPPA) to enforce regulations promulgated under the California Privacy Rights Act (CPRA) to also stay your...more
2/16/2024
/ Audits ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Contract Terms ,
Cybersecurity ,
Enforcement ,
New Regulations ,
Notice Requirements ,
Opt-Outs ,
Risk Assessment ,
Targeted Digital Advertising
The California Privacy Protection Agency (CPPA) has released its agenda for the September 8 board meeting, which includes (among other topics) presentation of a draft Cybersecurity Audit Regulation and a draft Risk Assessment...more
8/30/2023
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Selling ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Risk Assessment ,
Rulemaking Process
The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency.
The announcement from the Superintendent of Financial Services of the State...more
4/1/2020
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Compliance ,
Confidential Information ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Disclosure Requirements ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
Notice Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
The New York Department of Financial Services (NYDFS) issued guidance to financial institutions engaged in virtual currency business activities, mandating that an emergency preparedness plan from each firm be submitted to...more
If you are one of the many businesses licensed by the New York Department of Financial Services (DFS), and cannot avail yourself of the (very) limited exemptions, you must be ready for the first compliance transition date for...more
By now, you may have heard about the global ransomware attacks affecting health care and other organizations throughout the world, in particular the United Kingdom, but also in the United States. The ransomware variant,...more
On Friday, the heads of the Federal Trade Commission overruled the decision of the Administrative Law Judge (“ALJ”) in In the Matter of LabMd., Inc. The FTC concluded that the ALJ had erred in dismissing the Commission’s case...more
8/1/2016
/ Actual Injuries ,
Administrative Law Judge (ALJ) ,
Corporate Counsel ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
LabMD ,
Risk Assessment ,
Section 5 ,
Unfair or Deceptive Trade Practices
For our HIPAA-covered entity readers, we have asked these questions before: Have you taken a business associate inventory? Have you undertaken a comprehensive risk assessment as required by HIPAA?...more
Another federal agency has weighed in with “guidance” on cybersecurity preparation and breach response. The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches. The...more
Imagine you are the IT systems administrator of a large corporation. Coffee in hand, you sit down one morning and log in. You receive a message that there has been an intrusion into the corporate database, a large amount of...more
What’s that old saying … “a day late and a dollar short?” Here is our Privacy Monday roundup … on Wednesday.
Office for Civil Rights HIPAA Crackdown?
The Office for Civil Rights (OCR) — the enforcement arm of...more
As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more
2/18/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Employee Retirement Income Security Act (ERISA) ,
Fundraisers ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
Notice Requirements ,
OCR ,
PHI ,
Privacy Rule ,
Risk Assessment ,
Subcontractors ,
Training