While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...
New state laws that took effect January 1, 2019, likely will have a broader impact on how U.S. companies collect, process, and secure consumers’ personal information, in addition to how and when they report data breaches....
1/11/2019
/ Consumer Privacy Rights ,
Consumer Protection Act ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Digital Service Providers ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes ,
Third-Party
On September 26, 2018, a record settlement was reached between Uber and the attorneys general of all 50 states and the District of Columbia over the company’s 2016 data breach. While this case presents an extreme example of...
On June 28, 2018, California passed AB 375, the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020. Introduced just a week earlier in an effort to defeat a much stricter...
7/3/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Right to Be Forgotten ,
State and Local Government
Security incidents, loss of customer data, exposure of confidential corporate assets, demands of ransom, and similar stories are becoming daily headlines with the impacts being felt across a wide variety of industries. We...
10/24/2017
/ Confidentiality Policies ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Data Transfers ,
Hackers ,
Personally Identifiable Information ,
Privacy Policy ,
Ransomware ,
Risk Assessment ,
Third-Party Service Provider
The security breach announced by Equifax Inc. on September 7, 2017, grabbed headlines around the world as Equifax revealed that personal data of roughly 143 million consumers in the United States and certain UK and Canadian...
9/14/2017
/ Breach Notification Rule ,
Canada ,
Corporate Counsel ,
Credit Reporting Agencies ,
Cyber Attacks ,
Data Breach ,
Equifax ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Identity Theft ,
Incident Response Plans ,
Notice Requirements ,
Personally Identifiable Information ,
State Data Breach Notification Statutes ,
UK
In an order dated June 2, 2017, the Canadian government indefinitely suspended a key provision in Canada’s anti-spam legislation (CASL), which was set to take effect on July 1, 2017. While CASL initially came into force in...
Businesses have been scrambling since Friday evening when news spread that a ransomware attack named WannaCry is compromising organizations at an alarming rate. In less than 48 hours, it has compromised more than 130,000...
Enacted in 2008, Illinois’ Biometric Information Privacy Act (740 ILCS 14/1 or BIPA), generally requires companies to obtain a person’s consent before collecting, capturing, or purchasing a person’s “biometric identifier” or...
As a life sciences or medical device company, it is mission critical to protect lab books, drug and clinical test data, product formulas and production processes that underlie your patents, trade secrets and know-how from...
4/4/2017
/ Biotechnology ,
Confidential Information ,
Corporate Officers ,
Cybersecurity ,
Data Breach Plans ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
Intellectual Property Protection ,
Life Sciences ,
Medical Devices ,
Non-Disclosure Agreement ,
Pharmaceutical Industry ,
Policies and Procedures ,
Popular ,
Trade Secrets
The Illinois legislature is currently considering three different bills designed to enhance consumer privacy protections. The Right to Know Act would give consumers the right to know what information has been collected about...
Following on the heels of an active 2015, where eight states enacted changes to their data breach notification laws, another five states amended their statutes in 2016, adding complexity to the current “patchwork” system of...
U.S. President Donald Trump signed an Executive Order on January 25, 2017, “Enhancing Public Safety in the Interior of the United States” that requires agencies “to the extent consistent with applicable law ... exclude...
The New York State Department of Financial Services (DFS) made headlines back in late September with a “first-in-the-nation” piece of legislation aimed at mandating specific cybersecurity protocols for banks, insurance...
12/3/2016
/ Banks ,
Board of Directors ,
Brokers ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Credit Unions ,
Cybersecurity ,
Data Protection ,
Department of Financial Services ,
Financial Institutions ,
Incident Response Plans ,
Insurance Industry ,
Mortgage Lenders
On July 8, 2016, the Article 31 Committee, comprised of representatives of the European Union (EU) member states, voted to approve a revised Privacy Shield framework that is intended to replace the Safe Harbor framework...
7/14/2016
/ Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Registration Requirement ,
Self-Certification ,
Standard Contractual Clauses ,
Surveillance ,
Third-Party ,
U.S. Commerce Department ,
UK ,
UK Brexit ,
US-EU Safe Harbor Framework
In the two decades since its original passage, complying with the federal Health Insurance Portability and Accountability Act (HIPAA) hasn’t gotten any easier. Enacted with the primary goal of protecting the confidentiality,...
From fair housing laws to licensing requirements, the real estate industry is accustomed to navigating various legal constraints and requirements. However, as a result of current ambiguity in the law, class action lawsuits...
As recent noteworthy attacks have shown, no health care organization or provider is safe from ransomware threats, and the results of an attack can be devastating. Ransomware is a virus which limits or eliminates access to...
5/26/2016
/ Cyber Attacks ,
Data Protection ,
Data Security ,
Email ,
Employee Training ,
Hackers ,
Health Care Providers ,
Hospitals ,
Phishing Scams ,
Popular ,
Ransomware ,
Social Media ,
Websites
The European Union Article 29 Working Party (Article 29) issued an opinion on the proposed EU-U.S. Privacy Shield framework agreement (Privacy Shield) last month, stating that although the Privacy Shield was a “great step...
5/3/2016
/ Article 29 Working Party (WP29) ,
Automotive Industry ,
Binding Corporate Rules ,
Data Collection ,
Data Processors ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Policy ,
Standard Contractual Clauses
The European Union Article 29 Working Party (Article 29) issued an opinion on the proposed EU-U.S. Privacy Shield framework agreement (Privacy Shield) last week, stating that although the Privacy Shield was a “great step...
4/18/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Consent ,
Cyber Incident Reporting ,
Data Breach Plans ,
Data Retention ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Privacy Policy ,
Sarbanes-Oxley ,
Standard Contractual Clauses ,
Surveillance ,
US-EU Safe Harbor Framework
With the Article 29 Working Party’s position on the adequacy of the EU-U.S. Privacy Shield framework agreement (Privacy Shield) decision expected this week, U.S. businesses should be evaluating privacy options and preparing...
4/12/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
U.S. Commerce Department
On February 29, 2016, the European Commission released the full text of the new EU-U.S. Privacy Shield framework that will govern the transfer of personal data between the European Union and the United States. The EU and U.S....
3/3/2016
/ Article 29 Working Party (WP29) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework