California’s governor recently signed SB 41 into law. The bill enacts the Genetic Information Privacy Act (GIPA). The governor rejected a similar bill last year over concerns about COVID-19 public health efforts. To address...more
10/13/2021
/ California ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Data Privacy ,
Data Security ,
Digital Health ,
Digital Privacy Act ,
Governor Newsom ,
Healthcare ,
New Legislation ,
Privacy Laws ,
State Privacy Laws
The New York Department of Financial Service recently clarified security incident notification requirements and the use of multi-factor authentication. On its FAQ page, the NYDFS added two new questions and answers for...more
The California AG recently reminded companies in the healthcare industry of potential data breach notification obligations beyond HIPAA. As ransomware attacks continue to rise, particularly in healthcare, companies should...more
The SEC recently announced a settlement with Pearson plc where the company has agreed to pay $1 million to settle charges that it misled investors about a 2018 cyber incident. According to the order, Pearson made misleading...more
In addition to recently passing a cybersecurity safe harbor law, Connecticut also updated its data breach notification law. Connecticut joins Texas in passing changes to breach notification requirements this year. There are...more
Colorado recently joined Virginia and California in passing a more comprehensive privacy law. The Colorado Privacy Act (CPA) will go into effect July 1, 2023. This is six months after Virginia’s law (CDPA) and California’s...more
7/14/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Consumer Privacy Rights ,
Data Protection ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Liability ,
New Legislation ,
Privacy Laws ,
State and Local Government
Starting this fall, companies transferring personal data from the European Economic Area (EEA) will likely begin to see a flurry of contract renegotiations. On June 4, 2021, the European Commission adopted long awaited new...more
6/17/2021
/ Cross-Border ,
Data Security ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Recently, the National Institute of Standards and Technology (NIST) requested comments to its Resource Guide for implementing the HIPAA Security Rule. (i.e., SP 800-66). This Guide, first released in 2008, summarizes the...more
China is continuing to move forward with its first comprehensive privacy law. China recently issued a second version of the draft Personal Information Protection Law (Draft PIPL) which will be open for public comments until...more
5/14/2021
/ Breach Notification Rule ,
China ,
Cross-Border ,
Cybersecurity ,
Data Breach ,
Data Localization Law ,
Data Privacy ,
Data Security ,
Data Transfers ,
General Data Protection Regulation (GDPR) ,
Penalties ,
Personal Information ,
Popular ,
Proposed Regulation
Maine and North Dakota recently adopted the National Association of Insurance Commissioners (NAIC) data security model law. They join at least 11 others states who have already adopted the model law. The model law applies to...more
Utah recently amended its breach notice law to provide certain defenses to companies who suffer a data breach. It is now the second state, after Ohio, to include such provisions. Specifically, entities that create and...more
Artificial intelligence continues to remain a focus in 2021, as we predicted at the start of the year. From the FTC, to the EU, to others, regulators of all kinds are paying attention to companies’ use of these tools. In the...more
4/6/2021
/ Artificial Intelligence ,
Business Strategies ,
Cybersecurity ,
Data Privacy ,
Data Security ,
FDIC ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Popular ,
Public Comment ,
Regulatory Requirements
Utah’s governor recently signed into law SB 227, creating the Genetic Information Privacy Act (GIPA). The law, which is anticipated to go into effect in May, is aimed at protecting genetic data collected from...more
3/30/2021
/ Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Security ,
Data Use Policies ,
Enforcement Actions ,
Generic ,
Healthcare ,
Notice Requirements ,
Personal Information ,
Privacy Laws ,
Section 5 ,
State and Local Government ,
State Privacy Laws
By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would...more
Vermont recently amended its data breach notification law. The changes will go into effect July 1, 2020. As amended, the definition of “personal information” now includes the following when combined with a consumer’s first...more
At the end of March, Washington, D.C. signed the Security Breach Protection Amendment Act of 2019, which adds some significant changes to D.C.’s existing data breach law, first enacted in 2007. The law is projected to take...more
The FTC recently settled with smart lock maker Tapplock, Inc., a Canadian company, over allegations that it deceived consumers with false claims about its product’s security practices. These allegations arose based on...more
Businesses collecting personal information from New York residents will soon be expected to apply enhanced data security requirements. The New York SHIELD Act, signed into law in July 2019, expanded breach notice requirements...more
The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming...more
3/5/2020
/ Annual Reports ,
Comment Period ,
COPPA ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Enforcement Statistics ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
NIST ,
Rulemaking Process
The FTC recently summarized three major changes it made to its orders in data security cases. In a blog signaling these changes, the FTC Indicated that some of the things it has been requiring of companies in 2019 are here to...more
1/15/2020
/ C-Suite Executives ,
Certificates of Compliance ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Encryption ,
Federal Trade Commission (FTC) ,
Information Security ,
Internal Data Controls ,
Security Risk Assessments ,
Third-Party Liability
The FTC recently settled with Infotrax Systems, L.C. a technology company providing software to the direct sales industry. The settlement followed a breach suffered by the company, and involved allegations the company had...more
11/21/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Software Developers ,
Technology Sector
Effective October 1, 2019, organizations providing health insurance and related services must notify the Maryland Insurance Administration as part of its breach notification requirements.
In August 2019, the Maryland...more