In 2024, Israel became the latest jurisdiction to enact comprehensive privacy legislation, largely inspired by the EU’s General Data Protection Regulation (“GDPR”). On August 5, 2024, Israel’s parliament, the Knesset, voted...more
1/8/2025
/ Compliance ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Israel ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements
The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law...more
6/15/2021
/ Corporate Counsel ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Abbott ,
Notification Requirements ,
State Attorneys General ,
State Data Breach Notification Statutes
In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons...more
4/7/2021
/ Affirmative Defenses ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
New Legislation ,
NIST ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
On December 8th, the Association of Corporate Counsel (ACC), which represents over 45,000 in-house counsel across 85 countries, announced the launch of its Data Steward Program (DSP) to help organizations and their law firms...more
Privacy and security continue to be at the forefront for legislatures across the nation, despite (or perhaps because of) the COVID-19 pandemic. In late May, with back-to-back amendments, Washington D.C. and Vermont...more
Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding...more
9/4/2020
/ Compliance ,
Covered Entities ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Employee Training ,
Hardware ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Incident Response Plans ,
OCR ,
Software
Recently, the U.S. Federal Trade Commission issued an important opinion, concluding that Cambridge Analytica, LLC, the data analytics and consulting company, engaged in “deceptive practices to harvest personal information” of...more
In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. In 2017 Maryland amended its Personal Information Protection Act...more
Lots of action for the California Consumer Privacy Act (CCPA) in the last few days! After much anticipation, on October 10th, 2019, California Attorney General Xavier Becerra (“the AG”) announced the Proposed Regulations for...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Right to Delete
October is National Cybersecurity Awareness Month (NCSAM)! NCSAM is an annual event designed by the U.S. Department of Homeland Security (DHS) and co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and...more
The California Consumer Privacy Act is almost here! The groundbreaking law takes effect January 1, 2020. Covered businesses and their service providers have already started preparing, as the CCPA continues to evolve since it...more
9/17/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Newsom ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Right to Delete
On August 12, Mahesh Nattanmai, New York’s Chief Health Information Officer, issued a notice letter (“the notice”) on behalf of the New York State Department of Health (“Department”) requiring healthcare providers to use a...more
The California Consumer Privacy Act (CCPA), considered the most expansive U.S. privacy laws to date, is set to take effect January 1, 2020. In short, the CCPA places limitations on the collection and sale of a consumer’s...more
8/14/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
Privacy Laws ,
Private Right of Action
A recent study surveying small and mid sized businesses (SMBs) found that 67% had experienced a cyber attack in 2018, and yet that same study found that cybersecurity is still “not on the to do list” for SMBs – 60% of the...more
New York has enacted the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) to amend the state’s data breach notification law to impose more expansive data security and data breach notification requirements on...more
On Thursday, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), sponsored by Senator Kevin Thomas and Assemblymember Michael DenDekker. The SHIELD Act, which...more
The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is considered the most robust state privacy law in the United States. The CCPA seems to have spurred a flood of similar legislative proposals...more
The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is considered the most robust state privacy law in the United States. The CCPA seems to have spurred a flood of similar legislative proposals...more
A district court in Tennessee recently concluded in Wachter Inc. v. Cabling Innovations LLC that two former employees who allegedly shared confidential company information found on the company’s computer system with a...more
On May 10, Governor Phil Murphy signed into law P.L.2019, c.95. an amendment enhancing New Jersey’s data breach notification law by expanding the definition of personal information, and updating notification requirements. As...more
The much-anticipated amendment to North Carolina’s data breach notification law that we reported on earlier this year (see here) has finally been introduced to the state’s General Assembly. The bill entitled, an Act...more
A few weeks back a company’s watch list containing nearly 2.5 million individuals and entities considered “high-risk” for its clients was mistakenly leaked to the public. A “high-risk” entity in this circumstance was one...more
The California Consumer Privacy Act (CCPA), passed in 2018 and taking effect January 1, 2020, is considered the most expansive state privacy law in the United States, and sparked a flurry of state privacy law legislative...more
In light of several large-scale breaches of late, the New Jersey General Assembly is taking steps to enhance the state’s data breach notification requirements. In late February, Assembly Bill 3245 (AB 3245), introduced by...more
In honor of Data Privacy Day (Data Protection Day in Europe), the European Commission (“the Commission”) released a statement on the status of the EU’s General Data Protection Regulation (“GDPR”) which took effect on May 25,...more