Maine’s internet privacy law has survived its first challenge from internet service providers earlier this month. As we previously discussed... this law prohibits the sale of certain information about customers’ internet use...more
As a part of its Cybersecurity for IoT Program, NIST recently released two publications with the goal of providing cybersecurity guidance and best practices specific for companies manufacturing IoT devices. These publications...more
The European Parliament recently issued a resolution directed at the European Commission on its concerns with automated decision-making processes and artificial intelligence. While the EU Parliament addresses several areas of...more
2/25/2020
/ Artificial Intelligence ,
Automation Systems ,
Data Management ,
EU ,
European Commission ,
European Parliament ,
General Data Protection Regulation (GDPR) ,
Oversight Duties ,
Personal Data ,
Risk Management ,
Transparency ,
White Papers
The FTC recently finalized settlements with five companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework. In each complaint, the FTC alleged that DCR Workforce, Inc.,...more
The Network Advertising Initiative, which provides guidance to advertisers who engage in personalized advertising, updated its Code of Conduct (2020 Code) earlier this year to address, inter alia, data collected offline and...more
The European Data Protection Board recently requested comments on its data protection “by design and default” guidelines. Comments are due by mid-January of next year. The Guidelines provide clarity about how to address...more
One of the amendments we’ve been watching over the past months is one that impacts rights of employees -both the company’s and other company’s employees. Under AB25, which passed the California Senate and is now awaiting...more
Illinois has updated its breach notice law to require, effective January 1, 2020, notice to the Illinois Attorney General of a data breach involving more than 500 Illinois residents.
The law contains specific requirements...more
As we recently reported, New York’s new SHIELD Act contains data security provisions. It also contains a number of key changes to New York’s existing breach notification obligations. These changes will become effective...more
New York recently passed the SHIELD Act, which, among other things, newly establishes data security requirements for companies that collect private information about New York residents. The data security protections required...more
8/27/2019
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
New Legislation ,
Personally Identifiable Information ,
Policies and Procedures ,
Security Risk Assessments ,
SHIELD Act ,
State Data Breach Notification Statutes
Maryland has amended its breach notification law to require businesses that maintain data, not just those that own or license the data, to conduct “a reasonable and prompt investigation” into whether personal information has...more
7/3/2019
/ Amended Legislation ,
Cooperation ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Duty to Investigate ,
Personally Identifiable Information ,
State Data Breach Notification Statutes ,
Vendors
New requirements to the Texas data breach statute, including a requirement to notify the Texas attorney general of a breach, are set to go into effect January 1, 2020. The legislation, signed by Texas Governor, Greg Abbot, on...more
Maine entered the privacy fray last week when Governor Janet T. Mills signed legislation targeting internet service providers by prohibiting the sale of information about customers’ internet use. The new restriction covers,...more
6/13/2019
/ Consent ,
Consumer Privacy Rights ,
Customer Information ,
Data Collection ,
Data Privacy ,
Data Security ,
Data Use Policies ,
Governor Mills ,
Internet Service Providers (ISPs) ,
New Legislation ,
Notice Requirements ,
Privacy Legislation ,
Privacy Policy
Washington State will have new restrictions on what employers can ask applicants regarding their wage and salary history starting July 28, 2019. The new legislation will prohibit employers from seeking wage or salary history...more
“Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government...more
5/23/2019
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Contractors ,
Government Agencies ,
Hackers ,
Information Security ,
Internet of Things ,
NIST ,
Proposed Legislation ,
Vendors
New Jersey joins a growing list of states that include user name, email address or any other identifier in combination with any password or security question and answer would permit access to an online account as personal...more
Effective this week, law enforcement in Utah will need a search warrant to obtain for certain electronic records. The new state legislation looks to expand privacy protections for content that consumers store online....more
5/15/2019
/ Burden of Proof ,
Data Privacy ,
Data Protection ,
Electronic Records ,
Internet Service Providers (ISPs) ,
Law Enforcement ,
New Legislation ,
Search Warrant ,
Subpoenas ,
Third-Party Service Provider ,
Voluntary Disclosure
In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information. In addition to updated Department of Defense guidance and procedures for evaluating...more
4/30/2019
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
Information Security ,
Internet of Things ,
NIST ,
Policies and Procedures ,
Popular ,
Proposed Legislation ,
Risk Assessment ,
Sensitive Business Information ,
Vendors
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more
3/21/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Information Security ,
Insurance Industry ,
Insurer Liability ,
New Legislation ,
Personally Identifiable Information ,
Risk Assessment ,
State Data Breach Notification Statutes ,
Third-Party Service Provider
Citing cybersecurity concerns with a children’s smartwatch, the European Commission recently issued a recall of the device. The Safe-KID-One is a smartwatch that gives parents the ability to track and communicate with their...more
2/14/2019
/ Children's Toys ,
Connected Items ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
GPS ,
Hackers ,
Internet of Things ,
Popular ,
Smart Devices ,
Technology Sector ,
Toy Recalls
In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In its decision, the U.S. District Court...more
2/7/2019
/ Amended Complaints ,
Class Action ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Equifax ,
False Statements ,
Investors ,
Misleading Statements ,
Popular ,
Securities Fraud