On June 25, 2024, Rhode Island became the 20th state to enact a comprehensive consumer data protection law, the Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”). The state joins Kentucky, Maryland,...more
8/13/2024
/ Consent ,
Consumer Privacy Rights ,
Data Controller ,
Enforcement ,
Geolocation ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Rhode Island ,
State Attorneys General ,
State Privacy Laws
“Cybersecurity” has emerged as one of top risks facing organizations. Considering the steady stream of massive data breaches affecting millions (sometimes billions), the debilitating effects of ransomware on an organization’s...more
4/11/2024
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Genetic Testing ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Ransomware ,
Tracking Systems
The Federal Trade Commission updated its “Standards for Safeguarding Customer Information” (“Safeguards Rule”) and extended the compliance deadline to June 9, 2023. Some entities still may be wondering – “Do these regulations...more
It usually happens after a reported data breach. The organization experiencing the breach sends notifications to affected individuals, as well as federal and or state agencies where appropriate and perhaps other parties. Not...more
While the federal government attempts to move forward with a more uniform national law, Connecticut joined California, Colorado, Utah, and Virginia in passing a comprehensive consumer privacy law....more
The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a...more
1/20/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CMIA ,
Consumer Privacy Rights ,
Contractors ,
Cookies ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Covered Business ,
Data Breach ,
Data Deletion ,
Data Privacy ,
Data Protection ,
Do Not Sell ,
For-Profit Corporations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Record Retention ,
Sensitive Personal Information ,
Third-Party
State legislatures across the nation are prioritizing privacy and security matters, and Connecticut is no exception. This week, Connecticut Attorney General William Tong announced the passage of An Act Concerning Data Privacy...more
On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer...more
5/26/2021
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Controller ,
DPPA ,
Duty of Care ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
New York ,
Opt-In ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Proposed Legislation ,
Right to Delete ,
Written Notice
In a recent post, we highlighted the need for a privacy and cybersecurity training program, one not solely focused on spotting phishing attempts (although that is quite important as well). A primary reason, quite simply, is...more
4/28/2021
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Security ,
Employee Training ,
GitHub ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Popular ,
Remote Working ,
Security Breach ,
State Health Departments
In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons...more
4/7/2021
/ Affirmative Defenses ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
New Legislation ,
NIST ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
Florida may soon join the growing number of states that have enacted comprehensive consumer privacy legislation. Backed by Governor Ron DeSantis, Florida House Bill 969 (HB 969) would create new obligations for covered...more
3/3/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Credit Reporting Agencies ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
FIPA ,
Florida ,
GLBA Privacy ,
Governor DeSantis ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Non-Discrimination Rules ,
Opt-Outs ,
Personally Identifiable Information ,
Proposed Legislation
The California Privacy Rights Act (CPRA), passed in November, 2020, added to the California Consumer Privacy Act (CCPA) an express obligation for covered businesses to adopt reasonable security safeguards to protect personal...more
When California voters approved Proposition 24, the California Privacy Rights Act (CPRA), on November 3, 2020, the result was to substantially amend the California Consumer Privacy Act (CCPA) which became effective only 10...more
In recent years, there has been an uptick of W-2 phishing scams, and their consequences for an employer extend well beyond leaked data, including potential employee class action litigation. Just last week, a federal court in...more
Privacy and security continue to be at the forefront for legislatures across the nation, despite (or perhaps because of) the COVID-19 pandemic. In late May, with back-to-back amendments, Washington D.C. and Vermont...more
Whether it is facial recognition technology being used in connection with COVID-19 screening tools and in law enforcement, continued use of fingerprint-based time management systems, or the use of various biometric...more
As the COVID-19 pandemic presses on, privacy and security matters continue to be at the forefront for federal and state legislature. We recently reported that Washington D.C. updated its data breach notification law. Now, the...more
In the midst of COVID-19 challenges, privacy and security matters continue to be at the forefront for federal and state legislature. In late March, the Washington D.C. (“D.C.”) legislature amended its data breach notification...more
When privacy geeks talk “privacy,” it is not uncommon for them to use certain terms interchangeably –personal data, personal information, personally identifiable information, private information, individually identifiable...more
In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. In 2017 Maryland amended its Personal Information Protection Act...more
Our quarterly report discusses new developments in class action litigation and offers strategic guidance and tactical tips on how to defend such claims. This issue covers the following topics:
•California Consumer Privacy...more
In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. Illinois Governor J.B. Pritzker recently signed into law an...more
The Georgia Supreme Court may weigh in on the hot issue plaguing data breach class action litigation across the nation, must a data breach victim suffer actual financial loss to recover damages, or is the threat of future...more
A new school year is upon us and some students are already back at school. Upon their return, many students may experience new technologies and equipment rolled out by their schools districts, such as online education...more
New York has enacted the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) to amend the state’s data breach notification law to impose more expansive data security and data breach notification requirements on...more