As Vermont joins the growing number of states with comprehensive consumer data privacy laws, it stands out from the crowd with the ability of Vermonters to bring a private right of action (PRA) against large data holders. In...more
5/20/2024
/ Consumer Information ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Technology ,
Popular ,
Private Right of Action ,
Proposed Legislation ,
Regulatory Agenda ,
Vermont
If they have not already, employers should take steps now to properly protect the personal information of their employees. The Eleventh Circuit Court of Appeals’ decision in Ramirez v. Paradies Shops, LLC clarifies that...more
8/29/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employer Liability Issues ,
Information Governance ,
Personal Data ,
Popular
In our last newsletter, we discussed due diligence as it relates to selection of vendors. The second part of that exercise is to negotiate your agreement with the vendor to properly manage any risks you identified. In this...more
5/16/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Indemnification ,
Limitation of Liability Clause ,
Policies and Procedures ,
Popular ,
Risk Management ,
Service Agreements ,
Vendors
As Burr & Forman's Cybersecurity and Data privacy team recognizes Data Privacy Day, we know no one wants to make the news as the latest victim of a cyber-attack, much less as the latest defendant in a lawsuit alleging your...more
COPPA, or the Children's Online Privacy Protection Rule, was designed to protect the privacy of children under 13 years of age by giving their parents certain tools to control how the child's information can and cannot be...more
11/11/2022
/ COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Information Technology ,
Internet ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Website Owner Liability ,
Websites
Is your business one that has not prioritized compliance with data privacy laws because you do not collect personal data about your customers? If so, you are in good company, but it is time to reframe your approach on data...more
4/12/2022
/ Consumer Privacy Rights ,
COPPA ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Information Governance ,
PCI-DSS Standard ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Standards ,
WISP
Please see full Infographic for more information....more
Has your business considered what obligations you would have to notify people in the event of a cyber-attack that compromises some or all of your IT systems? Have you cataloged all the data you collect and where it is stored...more
12/10/2021
/ Breach Notification Rule ,
Cyber Attacks ,
Data Breach ,
Data Management ,
Data Protection ,
Emergency Response ,
FDIC ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Personally Identifiable Information ,
State Data Breach Notification Statutes
It is hard to find a news post without a story on a ransomware attack. The National Security Council has issued an open letter warning all businesses to be alert and prepared for ransomware attacks. Various industry groups...more
6/22/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cyberforensics ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Incident Response Plans ,
Information Technology ,
Policies and Procedures ,
Popular ,
Ransomware ,
Threat Management
On March 28, 2018, Alabama adopted a data privacy law, the Alabama Data Breach Notification Actof 2018 (SB318). While Alabama is one of the last states to adopt such an act, the Act is notable in its requirements, and applies...more
4/12/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Cyber threats take many forms. The wide-spread WannaCry ransomware attack in May of 2017 highlighted how computer files could be held hostage in return for payment, while the Dyn denial of service in October of 2016...more