As the manufacturing industry increasingly relies on advanced technology such as the industrial internet of things, automation and big data, manufacturers are particularly susceptible to cyberattacks. Manufacturing operations...more
In March 2020, the Cybersecurity Mandate within New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) went into effect. In its entirety, the SHIELD Act expanded breach notification obligations for...more
On Dec. 20, 2023, the Federal Trade Commission (FTC) published a Notice of Proposed Rulemaking (NPRM) to the Children’s Online Privacy Protection Act (COPPA). COPPA was enacted in 1998 and went into effect in 2000. Under...more
In 2023, use of generative artificial intelligence (Gen AI) tools such as ChatGPT went viral. Generative AI platforms can be utilized to create a host of efficiencies across businesses and professions such as drafting emails,...more
On Oct. 6, 2023, a genetic testing company offering ancestry and health reports, 23andMe, announced that its consumers’ data was listed on the dark web. Interestingly, many prominent figures such as Mark Zuckerberg, Elon Musk...more
On Nov. 27, 2023, Nashville-based healthcare corporation Ardent Health Services (Ardent) announced that a ransomware attack impacted 30 of its hospitals and forced the shutdown of several emergency rooms in at least three...more
On Oct. 30, 2023, President Biden signed the Executive Order (EO) on Safe, Secure, and Trustworthy Artificial Intelligence that seeks to regulate the use of artificial intelligence (AI) by balancing national security concerns...more
On Jan. 10, 2023, the Federal Trade Commission (FTC) finalized its order against online alcohol marketplace, Drizly, and its CEO, James Cory Rellas for failing to implement security safeguards that led to a data breach in...more
On Sept. 11, 2023, Delaware became the next state to enact a comprehensive consumer data privacy law as Gov. John Carney signed the Delaware Personal Data Privacy Act (DPDPA) which will go into effect on Jan. 1, 2025. The...more
On July 10, 2023, the European Commission adopted its adequacy decision on data transfers for the EU-U.S. (European Union/United States) Data Privacy Framework (DPF). The adequacy decision concluded that the United States...more
7/25/2023
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On June 5, 2023, the Nevada Legislature passed an amended version of Senate Bill 370 (SB 370 or the Act), which imposes new requirements on the collection, use and sale of consumer health data. The bill was signed on June 22,...more
The FTC won’t let them be! No, not Eminem, online service providers. Right on the heels of fining Epic Games and Amazon, for violations of the Children’s Online Privacy Protection Act (COPPA), the FTC set its eyes on...more
On May 31, 2023, Amazon agreed to pay a $25 million civil penalty to settle Federal Trade Commission (FTC) charges that the company retained sensitive information collected from children using Alexa, in violation of the...more
On March 9, 2022, the Security and Exchange Commission (SEC) proposed new rules to improve upon and standardize cybersecurity-related disclosure obligations for public companies. The SEC is expected to finalize the rules in...more
On Dec. 19, 2022, Epic Games, the developer of popular video game Fortnite, agreed to pay more than $520 million to settle Federal Trade Commission (FTC) claims that alleged a violation of the Children’s Online Privacy...more
On Jan. 1, 2023, both the California Privacy Rights Act (CPRA) and Virginia Consumer Data Privacy Act (VCDPA) come into effect, introducing new and updated data privacy and security obligations to covered entities. As these...more
In Mora v. J&M Plating, Inc., No. 2-21-0692, 2022 IL App (2d) 210692 (Ill. App. Ct. 2d Dist. Nov. 30, 2022), the Illinois Second District Court of Appeals held that Illinois’ Biometric Information Privacy Act (BIPA or Act)...more
It is often questioned how someone’s career path, which began with asserting and defending patents in litigation, transforms to a career focused on cybersecurity and data privacy, as mine has in the last two decades of...more
New York’s Cybersecurity mandate under the New York SHIELD Act became effective on March 22, 2020. This unfortunate timing, considering its alignment with the beginning of COVID-19 shutdowns, created an almost unspoken...more
Zoetop, the parent company behind online fashion retailers SHEIN and ROMWE, has been fined $1.9 million by New York State after it failed to properly inform customers of a data breach that affected millions of users. A...more
Many traditional liability insurance policies have exclusions for cyber-related risks and stand-alone cyber insurance policies are the norm to cover cyber liabilities. Still, cyber insurance policies are not standardized to...more
Schools and universities are increasingly the targets of ransomware attacks. So, it is not surprising that the second largest school district in the U.S., the Los Angeles Unified School District (LA Unified) was hit by a...more
New York's SHIELD Act, which became effective on March 21, 2020, requires persons and organizations that own or license electronic data that includes New York resident’s private information to maintain reasonable...more
The cybersecurity and data privacy legal landscape continues its rapid evolution. Below is an outline of some of the most significant developments in the last quarter.
Federal Legislation:
In June, a bipartisan...more
How do you get ahead of a ransomware attack in the healthcare delivery environment? By acting, now. A quick way to organize? Look at the 405(d) group’s work, including its recently released ransomware infographic....more