Following the introduction of the EU's General Data Protection Regulation (GDPR) in 2018, the lack of a comparable federal regulation in the United States has led many states to enact their own consumer data privacy...more
As Vermont joins the growing number of states with comprehensive consumer data privacy laws, it stands out from the crowd with the ability of Vermonters to bring a private right of action (PRA) against large data holders. In...more
5/20/2024
/ Consumer Information ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Technology ,
Popular ,
Private Right of Action ,
Proposed Legislation ,
Regulatory Agenda ,
Vermont
If they have not already, employers should take steps now to properly protect the personal information of their employees. The Eleventh Circuit Court of Appeals’ decision in Ramirez v. Paradies Shops, LLC clarifies that...more
8/29/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employer Liability Issues ,
Information Governance ,
Personal Data ,
Popular
In our last newsletter, we discussed due diligence as it relates to selection of vendors. The second part of that exercise is to negotiate your agreement with the vendor to properly manage any risks you identified. In this...more
5/16/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Indemnification ,
Limitation of Liability Clause ,
Policies and Procedures ,
Popular ,
Risk Management ,
Service Agreements ,
Vendors
By now, you have heard many news stories about debilitating cyberattacks that started with the compromise of a vendor's systems and ultimately wreaked havoc on that vendor's customers. As a result, many businesses are seeking...more
As Burr & Forman's Cybersecurity and Data privacy team recognizes Data Privacy Day, we know no one wants to make the news as the latest victim of a cyber-attack, much less as the latest defendant in a lawsuit alleging your...more
COPPA, or the Children's Online Privacy Protection Rule, was designed to protect the privacy of children under 13 years of age by giving their parents certain tools to control how the child's information can and cannot be...more
11/11/2022
/ COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Information Technology ,
Internet ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Website Owner Liability ,
Websites
Is your business one that has not prioritized compliance with data privacy laws because you do not collect personal data about your customers? If so, you are in good company, but it is time to reframe your approach on data...more
4/12/2022
/ Consumer Privacy Rights ,
COPPA ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Information Governance ,
PCI-DSS Standard ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Standards ,
WISP
HELPFUL HINTS -
The Federal No Surprises Act The Federal No Surprises Act (the “Act”) became fully effective on January 1, 2022. The Act protects enrollees in group and individual market plans (including ERISA plans) and...more
1/25/2022
/ Advisory Opinions ,
Anti-Kickback Statute ,
Biden v Missouri ,
Centers for Medicare & Medicaid Services (CMS) ,
Coronavirus/COVID-19 ,
Employer Mandates ,
Healthcare ,
Healthcare Fraud ,
Healthcare Reform ,
Healthcare Workers ,
Infectious Diseases ,
Mental Health ,
National Federation of Independent Business v Department of Labor and OSHA ,
New Legislation ,
OIG ,
OSHA ,
Surprise Medical Bills ,
Vaccinations
Please see full Infographic for more information....more
Has your business considered what obligations you would have to notify people in the event of a cyber-attack that compromises some or all of your IT systems? Have you cataloged all the data you collect and where it is stored...more
12/10/2021
/ Breach Notification Rule ,
Cyber Attacks ,
Data Breach ,
Data Management ,
Data Protection ,
Emergency Response ,
FDIC ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Personally Identifiable Information ,
State Data Breach Notification Statutes
It is hard to find a news post without a story on a ransomware attack. The National Security Council has issued an open letter warning all businesses to be alert and prepared for ransomware attacks. Various industry groups...more
6/22/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cyberforensics ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Incident Response Plans ,
Information Technology ,
Policies and Procedures ,
Popular ,
Ransomware ,
Threat Management
Ransomware attacks have increased over the last several months, but the nation state attacks identified over the last several days are causing people to take a harder look at their systems and what they can do to protect...more
12/15/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
SolarWinds ,
Vulnerability Assessments
The United States Patent and Trademark Office (“USPTO”) released new examination requirements that went into effect on February 15, 2020. One of the new requirements is to include an email address for the mark’s owner in the...more
Best Practices to Detect and Prevent File-Less and Click-Less Malware -
Hackers are clever at exploiting weaknesses in an organization’s systems. They are also efficient. After an organization installs robust cybersecurity...more
5/31/2018
/ Best Practices ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Hackers ,
Malware ,
New Legislation ,
NIST ,
Risk Mitigation ,
State Data Breach Notification Statutes
On March 28, 2018, Alabama adopted a data privacy law, the Alabama Data Breach Notification Actof 2018 (SB318). While Alabama is one of the last states to adopt such an act, the Act is notable in its requirements, and applies...more
4/12/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Cyber threats take many forms. The wide-spread WannaCry ransomware attack in May of 2017 highlighted how computer files could be held hostage in return for payment, while the Dyn denial of service in October of 2016...more
Starting on Friday, May 12th , computers in countries around the world have fallen victim to the latest ransomware attack. As of Monday morning, it is estimated that more than 150 countries have infected systems, totaling...more
5/16/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Hackers ,
Health Care Providers ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Risk Management
On October 6, 2015, the European Court of Justice (the European Union's highest court), struck down the US-EU Safe Harbor Agreement that previously provided companies to store personal data about Europeans on U.S. servers,...more
10/9/2015
/ Cybersecurity ,
Data Protection Authority ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework