The Department of Health and Human Services ("HHS") has released voluntary cybersecurity performance goals for the health care and public health sectors, which outline an increasingly standardized regulatory approach and...more
2/19/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Healthcare ,
Popular ,
Proposed Regulation ,
Public Health
On July 18, 2023, Oregon Governor Tina Kotek signed Senate Bill 619, referred to as the "Oregon Consumer Privacy Act" ("OCPA" or "the Act"), making Oregon the 11th state to enact a comprehensive data privacy law....more
On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the "Act"), creating new requirements for organizations operating in critical infrastructure sectors to...more
3/18/2022
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
New Legislation ,
Popular ,
Regulatory Reform ,
Reporting Requirements
The California Attorney General ("AG") has issued guidance reminding health care providers of their duty to report health care data breaches and to comply with other state and federal data privacy laws....more
9/15/2021
/ Cyber Attacks ,
Data Breach ,
Data Protection ,
Electronic Medical Records ,
Health Care Providers ,
HIPAA Breach ,
Information Technology ,
Network Security ,
New Guidance ,
Popular ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez
The Situation: As we advised in our recent Commentary, federal banking regulators have proposed rules requiring a banking organization to provide its primary federal regulator with prompt notification of any...more
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
The Situation: Less than one year after the California Consumer Privacy Act ("CCPA") became effective, California voters approved the California Privacy Rights Act ("CPRA"), a consumer privacy ballot initiative that amends...more
11/6/2020
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Internal Report Regarding IoT Cybersecurity -
In September, the National Institute of Standards and Technology ("NIST") released a draft...more
12/26/2018
/ Civil Monetary Penalty ,
CNIL ,
Consumer Reporting Agencies ,
COPPA ,
Critical Infrastructure Sectors ,
Cross-Border ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Disclosure Requirements ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hobbs Act ,
Internal Audit Functions ,
International Data Transfers ,
Internet of Things ,
NIST ,
Popular ,
Power Grid ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
On the heels of the European Union's General Data Protection law, which went into effect in May 2018, California has enacted the California Consumer Privacy Act ("CCPA")—the result of an 11th-hour compromise between...more
10/24/2018
/ Argentina ,
Asia ,
Australia ,
Belgium ,
Brazil ,
California Consumer Privacy Act (CCPA) ,
Canada ,
Chile ,
China ,
Colombia ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hong Kong ,
IRS ,
Italy ,
Japan ,
Mexico ,
Netherlands ,
NIST ,
Paraguay ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Singapore ,
Spain ,
TCPA ,
UK
The Situation: California is the first state to specifically regulate the security of connective devices, which are commonly referred to as internet of things ("IoT") devices.
The Result: The new law mandates that...more
10/10/2018
/ California Consumer Privacy Act (CCPA) ,
Connected Items ,
Data Privacy ,
Enforcement Authority ,
Governor Brown ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet ,
Internet of Things ,
Manufacturers ,
Net Neutrality ,
New Legislation ,
Popular ,
Private Right of Action ,
Smart Devices ,
Software ,
Technology Sector
JONES DAY CYBERSECURITY, PRIVACY & DATA PROTECTION ATTORNEY SPOTLIGHT: Richard Martinez -
Europe's new General Data Protection Regulation ("GDPR") is driving an evolution in corporate privacy practices globally. As...more
6/25/2018
/ Article 29 Working Party (WP29) ,
Australia ,
Canada ,
China ,
Cybersecurity ,
Data Breach ,
Data Protection Officers (DPOs) ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Enforcement Actions ,
ENISA ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Infrastructure ,
IRS ,
Japan ,
Latin America ,
Mexico ,
National Security ,
NIST ,
Personally Identifiable Information ,
Popular ,
Regulatory Oversight ,
Singapore ,
South America ,
State Data Breach Notification Statutes
On May 23, 2018, the U.S. Department of Justice ("DOJ") publicly announced its seizure of botnet infrastructure used by malware dubbed "VPNFilter." DOJ indicated that the sophisticated malware was linked to APT 28, the group...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
United States and China Renew Promise Not to Hack -
On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
11/21/2017
/ Acquisitions ,
Argentina ,
Article 29 Working Party (WP29) ,
Australia ,
Belgium ,
Biometric Information Privacy Act ,
Blockchain ,
Canada ,
CCTV ,
Chile ,
China ,
CNIL ,
Connected Cars ,
COPPA ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
Driverless Cars ,
EDPS ,
ENISA ,
Equifax ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Initial Coin Offering (ICOs) ,
International Data Transfers ,
Italy ,
Mexico ,
Mobile Apps ,
National Security ,
Netherlands ,
NIST ,
Online Advertisements ,
People's Bank of China ,
Personally Identifiable Information ,
Popular ,
Public Safety ,
Retail Investors ,
Search Engines ,
Securities and Exchange Commission (SEC) ,
Social Media ,
Spain ,
Stored Communications Act ,
TCPA ,
UK ,
Websites
New York Attorney General Announces Record Number of Data Breach Notices in 2016 -
On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
6/5/2017
/ Advertising ,
Argentina ,
Australia ,
Chile ,
CNIL ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
De-Identification ,
Department of Defense (DOD) ,
Department of Health and Human Services (HHS) ,
DNA ,
DPA ,
e-Privacy Directive ,
EDPS ,
Encryption ,
Enforcement Actions ,
ENISA ,
EU ,
FACTA ,
FCC ,
Federal Aviation Administration (FAA) ,
Federal Trade Commission (FTC) ,
France ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Information Commissioner's Office (ICO) ,
Information Sharing ,
Israel ,
Italy ,
Japan ,
Medical Records ,
Metadata ,
Mexico ,
National Security ,
Netherlands ,
NIST ,
Online Safety for Children ,
Patient Privacy Rights ,
Payroll Records ,
Personal Data ,
Personal Data Privacy Comission (PDPC) ,
Personally Identifiable Information ,
Popular ,
Privacy Policy ,
Repeal ,
Robocalling ,
Securities and Exchange Commission (SEC) ,
Singapore ,
Social Media ,
Spain ,
SWIFT ,
Telecommunications ,
Transparency ,
UK ,
Unmanned Aircraft Systems ,
USTR ,
XBRL Filing Requirements
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
3/15/2017
/ Actual Injuries ,
Advertising ,
Argentina ,
Australia ,
Banks ,
Belgium ,
Big Data ,
Canada ,
China ,
Class Action ,
Colombia ,
Connected Items ,
Consumer Protection Act ,
Controlled Unclassified Information (CUI) ,
Credit Cards ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Databases ,
Department of Homeland Security (DHS) ,
Department of Transportation (DOT) ,
Email Policies ,
ENISA ,
EU ,
EU Data Protection Laws ,
Fair Credit Reporting Act (FCRA) ,
Federal Breach Notification Standard ,
Federal Trade Commission (FTC) ,
FinTech ,
France ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Germany ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hong Kong ,
Information Sharing ,
International Data Transfers ,
Investigatory Powers Act 2016 ,
Italy ,
Japan ,
Mexico ,
National Security ,
Netherlands ,
NIST ,
NYDFS ,
OCIE ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC) ,
Settlement Agreements ,
Singapore ,
Spain ,
Spokeo ,
Standing ,
State Data Breach Notification Statutes ,
Swiss Privacy Shield ,
Switzerland ,
TCPA ,
Telemarketing ,
UK ,
V2V ,
Web Tracking