On January 20, 2025, President Donald Trump signed an executive order rescinding the 2023 directive issued by former President Joe Biden on artificial intelligence (AI). Biden’s order outlined extensive measures aimed at...more
1/22/2025
/ Artificial Intelligence ,
Compliance ,
Corporate Governance ,
Data Privacy ,
Data Protection ,
Ethics ,
Executive Orders ,
Policies and Procedures ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management ,
Technology
This is the second article in our two-part series on Cybersecurity in the Age of Industry 4.0, focusing on the legal implications and potential liabilities manufacturers face from cyberattacks, as well as practical...more
9/20/2024
/ California Privacy Rights Act (CPRA) ,
Class Action ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Duty of Care ,
Employee Training ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Intellectual Property Protection ,
Manufacturers ,
Noncompliance ,
Theft ,
Trade Secrets
The European Commission adopted new versions of the Standard Contractual Clauses (SCCs) on June 4, 2021. The new SCCs finally replace the original SCCs adopted under the 1998 European Data Protection Directive (DPD) and did...more
7/6/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK Data Protection Act
While the world anxiously awaited the results of the November 2020 U.S. federal elections, California silently passed California Proposition 24, the California Privacy Rights Act (CPRA). Labeled on the ballot simply as...more
11/13/2020
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Mapping ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Safe Harbors ,
Sensitive Personal Information
On August 14, 2018, the Brazilian government approved the Brazilian General Data Protection Law, known as the Lei Geral de Proteção de Dados Pessoais (“LGPD”). Enforcement was set to begin on August 15, 2020 but then, due to...more
9/11/2020
/ Binding Corporate Rules ,
Brazil ,
Certifications ,
Coronavirus/COVID-19 ,
Data Protection ,
Data Protection Officers (DPOs) ,
Economic Sanctions ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Noncompliance ,
Penalties ,
Personal Data
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its anxiously-awaited judgment in the Schrems II case. The CJEU’s decision upheld the Standard Contractual Clauses (SCCs) but, somewhat surprisingly,...more
7/21/2020
/ Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
4/9/2020
/ Business Interruption ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Regulatory Standards ,
Remote Working ,
Small Business ,
State of Emergency
As the coronavirus (also known as COVID-19) continues to impact all organizations globally and create uncertainty, cyber criminals are looking to exploit these vulnerabilities and fears and pose heightened cybersecurity...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
New state laws that took effect January 1, 2019, likely will have a broader impact on how U.S. companies collect, process, and secure consumers’ personal information, in addition to how and when they report data breaches....more
1/11/2019
/ Consumer Privacy Rights ,
Consumer Protection Act ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Digital Service Providers ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes ,
Third-Party
Security incidents, loss of customer data, exposure of confidential corporate assets, demands of ransom, and similar stories are becoming daily headlines with the impacts being felt across a wide variety of industries. We...more
10/24/2017
/ Confidentiality Policies ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Data Transfers ,
Hackers ,
Personally Identifiable Information ,
Privacy Policy ,
Ransomware ,
Risk Assessment ,
Third-Party Service Provider
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The New York State Department of Financial Services (DFS) made headlines back in late September with a “first-in-the-nation” piece of legislation aimed at mandating specific cybersecurity protocols for banks, insurance...more
12/3/2016
/ Banks ,
Board of Directors ,
Brokers ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Credit Unions ,
Cybersecurity ,
Data Protection ,
Department of Financial Services ,
Financial Institutions ,
Incident Response Plans ,
Insurance Industry ,
Mortgage Lenders
In the two decades since its original passage, complying with the federal Health Insurance Portability and Accountability Act (HIPAA) hasn’t gotten any easier. Enacted with the primary goal of protecting the confidentiality,...more
As recent noteworthy attacks have shown, no health care organization or provider is safe from ransomware threats, and the results of an attack can be devastating. Ransomware is a virus which limits or eliminates access to...more
5/26/2016
/ Cyber Attacks ,
Data Protection ,
Data Security ,
Email ,
Employee Training ,
Hackers ,
Health Care Providers ,
Hospitals ,
Phishing Scams ,
Popular ,
Ransomware ,
Social Media ,
Websites