In Part 4 of our series on the Maryland Online Data Privacy Act (MODPA), we turn to third-party vendors. MODPA sets strict requirements for data processing agreements and oversight of vendors who handle personal data on...more
In the final part of our series on the Maryland Online Data Privacy Act (MODPA), we look ahead to enforcement and beyond. With MODPA taking effect on Oct. 1, 2025, and enforcement beginning April 1, 2026, businesses must not...more
9/18/2025
/ Advertising ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Marketing ,
Maryland ,
New Regulations ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws ,
Third-Party Risk
As part of our continuing series on the Maryland Online Data Privacy Act (MODPA), this installment focuses on risk assessments. MODPA requires businesses to perform data protection assessments when certain processing...more
The Maryland Online Data Privacy Act (MODPA) will take effect on October 1, 2025. In this second part of our series, McNees explores which businesses the law applies to and the key mandates they will face....more
The Maryland Online Data Privacy Act (MODPA) will take effect on October 1, 2025. Businesses marketing goods or services to consumers in Maryland will need to implement legal and technical measures to comply with the new law....more
When it comes to data privacy and cybersecurity regulation in the United States, California continues to lead the way. The state’s latest updates to the California Consumer Privacy Act (CCPA) show that its rules do more than...more
A recent decision from the Third Circuit suggests that the leak of information onto the Dark Web provides standing to class action plaintiffs in data breach litigation. In Clemens v. ExecuPharm, Inc., 48 F.4th 146 (3d Cir....more
On August 24, 2022, the California Attorney General announced its first enforcement action – including a fine for $1.2 million – under the California Consumer Protection Act (“CCPA”). The Attorney General brought its...more
On June 3, 2021, the U.S. Supreme Court issued an important opinion in Van Buren v. United States, which provided important clarification of the scope of the Computer Fraud and Abuse Act (CFAA). The CFAA bars unauthorized...more
While the California Consumer Privacy Act (effective January 1, 2020) has been getting the lion’s share of attention, Nevada’s Senate Bill No. 220 (“SB 220”) already went into effect on October 1, 2019. SB 220 gives Nevada...more
On May 7, 2019, the City of Baltimore discovered that its integral systems were the subject of a ransomware attack, breaching the City’s phone systems, emails, documents and critical operational databases, affecting roughly...more
Copyrighting Your Body: A Defense Against Revenge Pornography -
When personal, intimate photographs or videos become exposed to the public via websites or other media, victims suffer immense loss and seemingly have little...more
On November 2, 2018, Ohio’s new “cybersecurity safe harbor” law took effect, and the law gives Ohio businesses a strong new reason to proactively address data security. Data breaches are an ever-growing threat to businesses...more
If your business has customers in California, you will need to comply with the Consumer Privacy Act.
On Thursday, June 28, 2018, California enacted its state Consumer Privacy Act, the first state law that will bring...more
Over the last few weeks, we all have been inundated with emails from merchants and websites alerting us to privacy policy changes or asking for consent to use our personal information. Those merchants and websites are trying...more
On March 22, 2018, a cyberattack hit the City of Atlanta. A ransomware program infected the City’s computer systems. That malware encrypted the city’s files, and officials believe it may also have provided unauthorized...more
The General Data Protection Regulation (GDPR) takes effect in the European Union (EU) on May 25, 2018. Although U.S. businesses may think that EU regulations do not apply to them, GDPR extends to any entity that collects,...more
Do you have a written data security program in place to meet federal requirements?
In the last year, the Department of Education (DOE) released guidance in the form of a “Dear Colleague” letter emphasizing the importance...more
In February 2016, a computer hacker sent an e-mail infected with a “ransomware virus” to an employee of the town of Medfield, Massachusetts. When the e-mail was opened, the virus spread throughout the town’s computer network,...more
Federal courts have varied widely in their interpretation of standing for plaintiffs in consumer protection class actions since last year’s U.S. Supreme Court decision in Spokeo v. Robins , __ U.S. __, 136 S.Ct. 1540 (May 16,...more
Data Privacy Day was January 28th – the annual event, coordinated by the National Cyber Security Alliance, celebrates the signing in 1981 of the first international treaty addressing privacy and data protection.
On...more
This annual campaign is an effort by the U.S. Department of Homeland Security to raise awareness about data security threats.
The Privacy & Data Security Group at McNees urges you on this occasion to consider whether...more
The New York State Department of Financial Services (NYSDFS) recently proposed new cybersecurity regulations for banks, insurance companies, and other financial institutions—the first regulations of their kind in the United...more
You and your business may use the cloud vendor Dropbox (www.dropbox.com) to store or transfer files, work-related documents, or personal information (or may have used it to transfer such data in the past).
...more
If your company transfers the personal information of European Union citizens to the United States, you likely have kept a close eye on the evolution of EU privacy law since a European court invalidated the former EU-U.S....more