In a recent letter to the UK law society, the UK Information Commissioner’s Office and the National Cyber Security Centre have provided lawyers with advice about ransomware payments...more
Indiana has made a minor amendment to its data breach notification law. Starting July 1, companies who are obligated to notify under the law must do so (to affected individuals and the Indiana Attorney General) without...more
The New York State Attorney General’s finding that EyeMed Vision Care LLC had failed to protect customer data in violation of the NY SHIELD Act provides insights for companies on how to protect information. New York’s SHIELD...more
Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity...more
1/12/2022
/ Artificial Intelligence ,
Auto-Dialed Calls ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CAN-SPAM Act ,
CARU ,
CDPA ,
Consumer Privacy Rights ,
COPPA ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Tracking ,
EU ,
FCC ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Machine Learning ,
Mobile Privacy ,
Ransomware ,
SCOTUS ,
TCPA
As we look to 2022, a question on many companies’ minds is what actions we will see from the FTC. Two recent developments are important on that front.
First, the FTC recently signaled its intent to initiate rulemaking on...more
12/23/2021
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Algorithms ,
Breach Notification Rule ,
Cybersecurity ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Identity Theft ,
Online Safety for Children ,
Regulatory Oversight ,
Rulemaking Process ,
Safeguards Rule ,
State and Local Government
The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). The comments were originally solicited in...more
The Chinese agency charged with implementing and enforcing the new Personal Information Protection Law has issued draft measures for cross-border data transfers. Comments are due by November 28. As we detailed previously, the...more
The FTC recently announced a final rule updating its GLBA Safeguards Rule to “strengthen the data security safeguards” of consumer financial information. The FTC reported that it was making these changes in response to...more
In the wake of increased ransomware attacks over the course of the last several months, the US Department of Treasury’s Office of Foreign Assets Control (OFAC) has updated a guidance it released last year on potential...more
10/5/2021
/ Compliance ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
New Guidance ,
Office of Foreign Assets Control (OFAC) ,
Penalties ,
Popular ,
Ransomware ,
Sanctions ,
U.S. Treasury
New York City recently amended its law governing third party delivery services, with the changes going into effect December 27, 2021. The revised law specifically permits restaurants to ask for customers’ personal information...more
9/29/2021
/ Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Collection ,
New York ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Proposed Regulation ,
Restaurant Industry ,
State and Local Government
Baltimore recently prohibited several uses of “face surveillance” technology. Under the new law companies cannot use systems that identify or verify individuals based on their face. The law also prohibits saving information...more
The SEC recently announced a settlement with Pearson plc where the company has agreed to pay $1 million to settle charges that it misled investors about a 2018 cyber incident. According to the order, Pearson made misleading...more
The New York State Department of Financial Services recently announced new guidance addressing ransomware attacks, and highlighting cybersecurity measures to significantly reduce the risk of an attack. The guidance comes as...more
7/13/2021
/ Confidential Information ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
FBI ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
New Guidance ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Supply Chain
MoviePass, a movie subscription service, has agreed to a proposed settlement with the FTC over alleged deception and lack of security allegations. The now-defunct company not only allegedly marketed its service as a “one...more
The Department of Labor recently issued cybersecurity guidance to retirement plans. The department’s Employee Benefits Security Administration (EBSA) issued guidance in three areas: (1) hiring and working with vendors and...more
6/8/2021
/ Benefit Plan Sponsors ,
Cybersecurity ,
Data Management ,
Data Security ,
Department of Labor (DOL) ,
EBSA ,
Electronic Records ,
New Guidance ,
NYDFS ,
Retirement Plan ,
Supply Chain ,
Third-Party Service Provider ,
Vendors
The New York State Department of Financial Services recently issued recommendations to financial institutions in the aftermath of the SolarWinds cyberattack. In that attack, hackers inserted malware into SolarWinds software...more
5/26/2021
/ Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
New York ,
NYDFS ,
Popular ,
Software ,
SolarWinds ,
Supply Chain ,
Third-Party Service Provider
China is continuing to move forward with its first comprehensive privacy law. China recently issued a second version of the draft Personal Information Protection Law (Draft PIPL) which will be open for public comments until...more
5/14/2021
/ Breach Notification Rule ,
China ,
Cross-Border ,
Cybersecurity ,
Data Breach ,
Data Localization Law ,
Data Privacy ,
Data Security ,
Data Transfers ,
General Data Protection Regulation (GDPR) ,
Penalties ,
Personal Information ,
Popular ,
Proposed Regulation
Utah recently amended its breach notice law to provide certain defenses to companies who suffer a data breach. It is now the second state, after Ohio, to include such provisions. Specifically, entities that create and...more
Artificial intelligence continues to remain a focus in 2021, as we predicted at the start of the year. From the FTC, to the EU, to others, regulators of all kinds are paying attention to companies’ use of these tools. In the...more
4/6/2021
/ Artificial Intelligence ,
Business Strategies ,
Cybersecurity ,
Data Privacy ,
Data Security ,
FDIC ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Popular ,
Public Comment ,
Regulatory Requirements
As the first quarter of 2021 comes to a close, cyberattacks are only gaining momentum. As we reported last month, these attacks have become big business for threat actors, and companies are working hard to be prepared. Taking...more
To round out this series on right-sizing a privacy program, our last stop is thinking about the impact of working with third parties. There are many legal requirements to assess and/or to address in third party contracts when...more
1/29/2021
/ Business Development ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Standard Contractual Clauses ,
Strategic Planning ,
Third-Party
As mentioned in the prior post in this series, a strategically developed privacy program can help support companies in a rapidly changing legislative and enforcement environment. As part of taking a strategic approach,...more
Later this week, January 28, 2021 will mark International Privacy Day: a day corporations release educational efforts around privacy and data protection. There are many reasons to approach privacy proactively in 2021: (1)...more
As we reach the end of January 2021, it is becoming increasingly clear that this will be a busy year in the areas of privacy and data security. Following up on our posts discussing some of the important trends from last year,...more
The operator of CafePress, an online retailer that sells customizable mugs and other products, has reached an agreement with New York State Attorney General Letitia James and six other State Attorneys Generals to settle...more