Colorado was the third state in the U.S. to pass comprehensive privacy legislation, following in the footsteps of California and Virginia (the Colorado Privacy Act (the “CPA”). Now Colorado is increasing protections again,...more
On May 29, 2022, Maryland amended the Maryland Personal Information Protection Act (PIPA). Effective October 1, 2022, the amendment (https://mgaleg.maryland.gov/2022RS/chapters_noln/Ch_502_hb0962E.pdf ) revises provisions...more
The Employee Benefits Security Administration of the United States Department of Labor (“EBSA”) recently published guidance regarding cybersecurity best practices for recordkeepers and service providers responsible for plan...more
4/15/2021
/ 401k ,
Audits ,
Benefit Plan Sponsors ,
Cybersecurity ,
Data Security ,
Department of Labor (DOL) ,
EBSA ,
Employee Retirement Income Security Act (ERISA) ,
New Guidance ,
Pensions ,
Popular ,
Retirement Plan ,
Risk Assessment
The California Consumer Privacy Act (CCPA) imposes significant protections for California residents covered by the law, and significant burdens for companies required to comply with it. One area of concern is whether the CCPA...more
10/4/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Employer Liability Issues ,
Employment Records ,
Exceptions ,
Job Applicants ,
Opt-Outs ,
Personal Data
With major consumer data breaches making headlines on a semi-regular basis, legislators around the country are starting to hold businesses more accountable for cybersecurity compliance. Industry-specific laws such as HIPAA...more
2/7/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Data Security ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Popular ,
Proposed Legislation ,
State and Local Government ,
State Data Breach Notification Statutes ,
Unfair or Deceptive Trade Practices
Recently the state of New Mexico enacted the Data Breach Notification Act, making it the 48th state in the United States to enact a statute requiring notice to individuals impacted by a data breach. In doing so, New Mexico...more
The Federal Trade Commission, continuing its quest to be the enforcer of consumer privacy rights, has come down hard this month on ASUSTeK and LabMD for their failure to have adequate data security standards. Because the FTC...more
The Federal Trade Commission’s PrivacyCon event brings together the FTC, researchers and academics to discuss the latest research and trends related to consumer privacy and data security. Much of the discussion today...more