Arecent report put the odds of an asteroid hitting the earth in December 2032 at 3.1%—which is 3,100 times more likely than an organization resolving an enforcement action with the U.S. Department of Health and Human...more
3/4/2025
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
OCR ,
Patient Privacy Rights ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Settlement
The California Privacy Protection Agency (CPPA) is starting formal rulemaking (again) as they move beyond the pre-rulemaking drafts that were debated for a little over a year. During their November 8, 2024, board meeting, the...more
11/15/2024
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Office of Administrative Law Judges (OALJ) ,
Regulatory Agenda ,
Regulatory Requirements ,
Rulemaking Process ,
State Privacy Laws
Pennsylvania recently amended their data breach notification law in a way that turns the status quo on its head. The law, Senate Bill 824, adds an obligation to provide regulatory notice and tweaks the definition of personal...more
Pennsylvania's Amended Data Breach Law Upends Standard Framework -
Pennsylvania recently amended their data breach notification law in a way that turns the status quo on its head. The law, Senate Bill 824, adds an...more
Over the weekend, a bipartisan and bicameral group in Congress unveiled a privacy proposal—The American Privacy Rights Act of 2024 (APRA)—along with a brief summary. The APRA builds on existing privacy frameworks at the state...more
The Florida legislature passed a bill that provides immunity to companies that suffer a data breach. The immunity is conditioned on the company: (1) complying with the notice requirements of Florida’s data breach notification...more
On November 27, California’s dedicated privacy law enforcement agency, the California Privacy Protection Agency (CPPA), released a draft of new rules covering automated decisionmaking (yes, they made “decisionmaking” one...more
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced its first settlement agreement related to a ransomware attack. But it was not the ransomware that triggered OCR’s enforcement...more
The New York Department of Financial Services (NYDFS) released the final amendments to its cybersecurity rules for financial, banking and insurance companies. The changes add obligations for accountability, incident...more
On July 26, the Securities and Exchange Commission (SEC) issued new rules adding cybersecurity disclosures for public companies in three areas: cybersecurity incidents, governance, and risk management and strategy. The new...more
Do you use Google Analytics? Do you tell consumers that you do not sell personal information? If you answered yes to both of those questions, then this alert is for you! The California attorney general recently took the...more
Let’s face it: CCPA compliance is not easy. And a recent study provides additional evidence for the commonsense conjecture that companies trying to just “follow the law” often do more or less than is required. In this alert,...more