Late today the White House issued its Executive Order significantly enhancing the protection of Americans' bulk sensitive personal data from access by countries deemed as threats. It establishes a comprehensive framework to...more
One internet search of the CCPA or the CPA reveals a plethora of articles outlining standard data protection requirements under those laws, from privacy notice requirements to new mandatory contractual provisions. But the...more
While there is no comprehensive, federal United States law governing privacy, there are several major state laws that are currently in place. To help our clients assess their compliance posture, we have published a quick,...more
3/16/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws
In January of 2022, we recommended adding “updating privacy contracts” to your list of New Year’s resolutions. With 2023 around the corner and a number of new privacy laws and regulations going into effect, we have another...more
12/16/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
State Privacy Laws
In our second installment of what privacy professionals should know before they start the summer, we provide you with highlights from the draft regulations from the California Privacy Protection Agency (“CPPA”) and...more
It’s been a blazing hot summer and privacy professionals have been sweating to keep up with all of the updates from the last few months. We all knew this was going to be a busy year with updating European data transfer...more
Connecticut’s new privacy law, an Act Concerning Personal Data Privacy and Online Monitoring, also known as the Connecticut Data Privacy Act (“CTDPA”), generally continues the pattern of non-California states enacting...more
Although the California Consumer Privacy Act (“CCPA”) has been in effect since January 1, 2020 and subject to enforcement since July 1, 2020, it seemed until recently that compliance had been somewhat spotty. Well, it’s time...more
Most privacy eyes are currently focused on the new EU Model Clauses and forthcoming U.S. state laws that take effect in 2023. As the summer heats up, however, compliance professionals should look to the western U.S. states of...more
Virginia knocked off California’s crown as the only U.S. state to have a comprehensive, general consumer privacy law when Governor Ralph Northam signed the Virginia Consumer Data Protection Act (“CDPA”) into law on March 2,...more
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (“CPRA”).
The provision’s timeline is important to consider. The law would become effective on January 1, 2023 with enforcement...more
11/18/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws ,
Private Right of Action
A recent federal district court decision underscores the importance of structuring breach investigations with the attorney work-product doctrine in mind. In In re Capital One Consumer Data Sec. Breach Litig., 2020 WL 3470261...more
It’s us again, back with more operationally-focused pointers on the California Consumer Privacy Act (“CCPA”) now that the music has stopped once more and everybody is looking for a place to sit. On Friday February 7th, the...more
Amanda Witt represented the U.S. on an extraordinary panel in Dublin yesterday in which the participants – leaders in data protection from both sides of the Atlantic – learned from one another and from their national...more
When the smoke cleared from California’s privacy legislative battles that ended on September 13th, many were surprised to see another large alien life form snorting alongside the CCPA. AB 1202 requires the registration of...more
9/17/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Security ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Registration Requirement
The privacy world has been abuzz about a great post on Brookings’ TechTank blog by Cameron Kerry and John Morris, Why data ownership is the wrong approach to protecting privacy. Poor Richard was impressed with its...more
Don’t worry about the new Nevada privacy law, SB 220 signed by the Governor last month, unless you’re selling personal information to a data broker, said no law firm whatsoever in its legal alert. At best they bury the lead,...more
New study finds dramatic increases in threats and awareness of threats to knowledge assets — the confidential information that is most strategic to a company’s business — and remarkable strides by high-performing...more
The United States District Court for the District of Columbia recently endorsed private citizens bringing data breach claims directly against a government contractor where the contractor failed adequately to safeguard the...more
On Thursday, August 4, 2016, the U.S. Department of Health & Human Services, Office of Civil Rights (OCR) announced the largest settlement ever with a single entity for multiple potential Health Insurance Portability and...more
8/8/2016
/ Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Risk Management ,
Risk Mitigation ,
Settlement
1. Beyond Breaches -
With ransomware, cybersecurity in healthcare has gone far beyond HIPAA compliance, breaches of PHI or identity theft. For the unprepared healthcare provider not able to prevent ransomware or...more