In an effort to close the gap in retirement savings across the state, Governor Phil Murphy signed the New Jersey Secure Choice Savings Program Act (Act) in March of 2019. The Act created the Secure Choice Savings Program...more
No industry is immune to privacy and cybersecurity risks, and the construction industry is no exception. Those in the construction industry can protect against a potential cyberattack by understanding the risks and...more
3/31/2022
/ Construction Industry ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Employee Training ,
Hackers ,
Incident Response Plans ,
Popular ,
Third-Party
It can be cathartic responding to a negative online review. It can also backfire, as can failing to cooperate with an OCR investigation as required under HIPAA.
The Office for Civil Rights (OCR) recently announced four...more
Just as businesses are preparing to ensure compliance with similar laws in California, Colorado, and Virginia, they soon will need to consider a fourth jurisdiction, Utah. On March 24, 2022, Governor Spencer Cox signed a...more
The FTC recently settled its enforcement action involving data privacy and security allegations against an online seller of customized merchandise. In addition to agreeing to pay $500,000, the online merchant consented to...more
It started sometime last year and, in hindsight, was inevitable. Clients with 401(k) plans and a crypto-savvy employee population began asking whether they could offer cryptocurrency as a plan investment option. In the...more
Included within the Consolidated Appropriations Act, 2022, signed by President Joe Biden on March 15, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Act) creates new data breach reporting requirements....more
3/18/2022
/ Consolidated Appropriations Act (CAA) ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Popular ,
Ransomware ,
Reporting Requirements ,
SolarWinds
According to Giving USA, charitable contributions in 2020 exceeded $470 billion, 70 percent of which came from individuals. Individuals deciding to donate to a particular organization may be considering factors beyond the...more
According to a recent survey, about 45% of companies do not have a Chief Information Security Officer (CISO). As West Monroe’s “The Importance of a CISO” observes, it would be terrific for all organizations to have a CISO,...more
Some members of the California legislature want their state to remain the leader for data privacy and cybersecurity regulation in the U.S. This includes protections for biometric information, similar to those under the...more
When Massachusetts issued its data security regulations in 2009 (Regulations), it led the way for states on data security. The Regulations became effective 12 years ago, almost to the day, March 1, 2010. The Bay State is now...more
On February 9, the Securities and Exchange Commission (“SEC”) voted to propose rule 206(4)-9 under the Advisers Act and 38a-2 under the Investment Company Act (collectively, “Proposed Rule”). In general, the Proposed Rule...more
2/11/2022
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Financial Services Industry ,
Investment Adviser ,
Investment Management ,
Investors ,
Policies and Procedures ,
Popular ,
Proposed Rules ,
Recordkeeping Requirements ,
Retirement Plan ,
Risk Assessment ,
Securities and Exchange Commission (SEC)
Facial recognition, voiceprint, and other biometric-related technology are booming, and they continue to infiltrate different facets of everyday life. The technology brings countless potential benefits, as well as significant...more
In the last decade, organizations of varied industries and sizes have heightened their focus on diversity, equity, and inclusion (DEI) initiatives and, since 2020, DEI has become a top priority. COVID-19 pandemic realities,...more
1/28/2022
/ Anti-Discrimination Policies ,
Assessment ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Coronavirus/COVID-19 ,
Data Collection ,
Data Privacy ,
Diversity ,
Diversity and Inclusion Standards (D&I) ,
EEO-1 ,
Equal Employment Opportunity Commission (EEOC) ,
Equity ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Popular ,
Record Retention ,
Schrems I & Schrems II
In honor of Data Privacy Day, we provide the following “Top 10 for 2022.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2022...more
1/28/2022
/ Americans with Disabilities Act (ADA) ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Privacy ,
EU ,
General Data Protection Regulation (GDPR) ,
National Security ,
Popular ,
Ransomware ,
Standard Contractual Clauses ,
State Privacy Laws ,
TCPA
Few want to get past the COVID-19 pandemic more than leaders of federal and state unemployment benefit departments. For the last 2 years they have been successfully targeted for fraud and data breaches, racking up billions in...more
The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a...more
1/20/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CMIA ,
Consumer Privacy Rights ,
Contractors ,
Cookies ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Covered Business ,
Data Breach ,
Data Deletion ,
Data Privacy ,
Data Protection ,
Do Not Sell ,
For-Profit Corporations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Record Retention ,
Sensitive Personal Information ,
Third-Party
Efforts to secure systems and data from a cyberattack often focus on measures such as multifactor authentication (MFA), endpoint monitoring solutions, antivirus protections, and role-based access management controls, and for...more
1/13/2022
/ Biometric Information Privacy Act ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Retention ,
Data Security ,
Data Storage ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Multi-Factor Authentication ,
Third-Party
The use of smart dashcams and vehicle cameras, including those leveraging AI technology, may trigger the next wave of BIPA litigation, according to two cases filed in Illinois this week.
Enacted in 2008, the Illinois...more
After reading New York Attorney General Letitia James’ Business Guide for Credential Stuffing Attacks (“Guide”), I promptly reminded my family (and myself!) to change passwords. The practice of using the same password for...more
With ransomware and other cyber threats top of mind for most in the c-suite these days, a question frequently raised is whether a particular organization is a target for hackers. Of course, nowadays, any organization is at...more
Over the past several years, if your organization experienced a cyberattack, such as ransomware or a diversion of funds due to a business email compromise (BEC), and you had cyber insurance, you likely were very thankful....more
1/3/2022
/ Business Interruption ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Defense Costs ,
Incident Response Plans ,
Multi-Factor Authentication ,
Popular ,
Ransomware ,
SHIELD Act ,
Training
According to reports, Kronos, the cloud-based, HR management service provider, suffered a data incident involving ransomware affecting its information systems. Kronos communicated that it discovered the incident late on...more
Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their...more
11/19/2021
/ Electronic Communications ,
Email ,
Employee Monitoring ,
Employee Privacy Rights ,
Employee Rights ,
Employer Liability Issues ,
Mobile Devices ,
New York ,
Notice Requirements ,
Private Right of Action ,
Written Notice
Last week, the Occupational Safety and Health Administration (OSHA) issued an Emergency Temporary Standard (ETS) implementing President Joe Biden’s COVID-19 vaccine mandate covering employers with at least 100 employees. The...more
11/8/2021
/ Coronavirus/COVID-19 ,
Document Retention Policies ,
Documentation ,
Employer Mandates ,
Employment Records ,
Immunization Records ,
Medical Records ,
OSHA ,
Recordkeeping Requirements ,
Third-Party ,
Vaccinations ,
Virus Testing