The California Privacy Protection Agency (CPPA) issued its first enforcement advisory concerning the California Consumer Privacy Act (CCPA). In Enforcement Advisory No. 2024-01, the CPPA tackles a foundational principle –...more
As organizations continue to take steps to prevent cyberattacks, a near-universal recommendation is that they should implement multi-factor authentication (MFA), and for good reason. Organizations subject to the updated FTC...more
On Wednesday, March 13, 2024, Members of European Parliament endorsed the Artificial Intelligence Act (“AI Act”), with 523 votes in favor, 46 against, and 49 abstentions. This is the world’s first comprehensive AI law and...more
The explosion of generative AI has spawned a wide range of personal and professional tools and applications. One noteworthy (no pun intended) example of those tools and applications is notetakers that can capture, transcribe,...more
On March 6, 2024, New Hampshire’s Governor signed Senate Bill 255, which establishes a consumer data privacy law for the state. The Granite State joins the myriad of state consumer data privacy laws. It is the second state in...more
3/7/2024
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Corporate Counsel ,
Data Controller ,
Data Privacy ,
Governor Sununu ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Personal Data ,
State Privacy Laws
On February 28, 2024, President Biden issued an Executive Order (EO) seeking to protect the sensitive personal data of Americans from potential exploitation by particular countries. The EO acknowledges that access to...more
3/6/2024
/ Artificial Intelligence ,
Cyber Crimes ,
Cybersecurity ,
Data Transfers ,
Department of Health and Human Services (HHS) ,
Department of Veterans Affairs ,
Executive Orders ,
Exploitation ,
National Security ,
Secretary of Defense ,
Sensitive Personal Information
On February 13, 2024, Nebraska’s Governor signed Legislative Bill 308, which enacts additional consumer protections for consumers in the state. It is similar to another genetic information law passed by Montana last year. ...more
In 2023, a California superior court halted enforcement of any final California Privacy Protection Agency regulation implemented until a period of 12 months from the date that individual regulations became final. Based on the...more
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more
1/29/2024
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Mining ,
Data Protection ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Subcontractors ,
Vendors
To celebrate Data Privacy Day (January 28), we present our top ten data privacy and cybersecurity predictions for 2024.
1. AI regulations to protect data privacy.
Automated decision-making tools, smart cameras, wearables,...more
1/29/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
Biometric Information Privacy Act ,
Class Action ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Online Safety for Children ,
Popular ,
Risk Assessment ,
Risk Management ,
State Privacy Laws ,
Web Tracking
On January 16, 2024, New Jersey’s Governor signed Senate Bill (SB) 332, which establishes a consumer data privacy law for the state. New Jersey becomes the 13th state to pass a consumer data consumer privacy law. The law...more
Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language...more
1/5/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Email ,
Employee Training ,
FBI ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multi-Factor Authentication ,
OCR ,
Phishing Scams ,
Popular ,
Risk Management
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular topics from 2023....more
12/21/2023
/ Artificial Intelligence ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
SHIELD Act ,
UK ,
Workplace Privacy
According to a New York Times story this weekend, the Security Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling...more
11/20/2023
/ Board of Directors ,
Boilerplate Language ,
Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Popular ,
Ransomware ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
SolarWinds
On October 30, 2023, President Biden issued an Executive Order regarding the Development and Use of Artificial Intelligence across the federal government. The Executive Order (EO) is intended to establish new standards for AI...more
The Federal Trade Commission (FTC) has approved an amendment to its Safeguards Rule that will require non-banking financial institutions to report certain data breaches (or “notification events”) to the FTC (not affected...more
11/6/2023
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personal Information ,
Private Commercial or Financial Information ,
Reporting Requirements ,
Safeguards Rule
Small businesses may be discouraged from investing in preventive cybersecurity measures due to the expense involved and the mistaken belief that only larger companies are the target of cybercrimes. But that is not the case....more
Many HIPAA covered entities and business associates struggle with developing and implementing a sanctions policy. What should it say, is zero-tolerance required, do we have to impose discipline in every case, etc. These are...more
10/25/2023
/ Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Popular ,
Privacy Rule ,
Sanctions ,
Security Rule ,
Training ,
Web Tracking ,
Zero Tolerance Policies
On September 11, 2023, Delaware’s Governor signed House Bill 154 which enacts the state’s comprehensive consumer data privacy statute. Delaware joins California, Colorado, Connecticut, Indiana, Iowa, Montana, Oregon,...more
On October 8, 2023, Governor Newsom signed Assembly Bill (AB) 947. Effective January 1, 2024, the bill will revise the California Consumer Privacy Act (CCPA) definition of “sensitive personal information” to include personal...more
Most human resources professionals are concerned about the privacy and security of the vast amounts of personal information they manage. This article discusses steps to consider taking against the challenges.
Deluge of...more
10/3/2023
/ Americans with Disabilities Act (ADA) ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Deletion ,
Employee Privacy Rights ,
Employee Training ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Human Resources Professionals ,
Information Technology ,
Personal Information ,
Popular ,
Risk Assessment ,
Risk Management ,
Wage and Hour
When hit with a cybersecurity attack, organizations are often not inclined to bring in federal law enforcement. Recent comments by FBI Director Christopher Wray at Mandiant’s annual mWISE 2023 conference seek to encourage the...more
When the California Privacy Rights Act (CPRA) was enacted, it created the California Privacy Protection Agency (CPPA) and delegated to the CPPA significant regulatory authority. One of the areas of that authority is...more
The annual Cost of a Data Breach Report (Report) published by IBM is reliably full of helpful cybersecurity data. This year is no different. After reviewing the Report, we pulled out some interesting data points. Of course,...more
9/5/2023
/ Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Employee Training ,
Hackers ,
Health Care Providers ,
Healthcare ,
Incident Response Plans ,
Popular ,
Ransomware ,
Risk Management
The recent U.S. Supreme Court decision striking down affirmative action in undergraduate admissions, Students for Fair Admissions, Inc. v. President and Fellows of Harvard College, No. 20-1199 has significant implications...more
8/31/2023
/ Affirmative Action ,
Algorithms ,
Artificial Intelligence ,
Civil Rights Act ,
College Admissions ,
Diversity ,
Diversity and Inclusion Standards (D&I) ,
Equal Employment Opportunity Commission (EEOC) ,
Hiring & Firing ,
Race Discrimination ,
SCOTUS ,
Students for Fair Admissions v Harvard College ,
Students for Fair Admissions v University of North Carolina ,
Title VII