In the second settlement under the California Consumer Privacy Act (CCPA), California Attorney General (AG) Rob Bonta announced a settlement over allegations that DoorDash sold consumers' personal information in a manner that...more
3/4/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
DoorDash ,
Marketing ,
Mobile Apps ,
Personal Information ,
State and Local Government ,
State Attorneys General ,
Statutory Violations
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
2/19/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Investigations ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Oversight ,
Regulatory Reform ,
Regulatory Requirements ,
Settlement
Unauthorized Access, Troutman Pepper's privacy and cybersecurity-focused podcast, spotlights the human aspect of the cybersecurity industry, introducing you to the remarkable personalities that make the industry amazing....more
Unauthorized Access, Troutman Pepper's privacy and cybersecurity-focused podcast, spotlights the human aspect of the cybersecurity industry, introducing you to the remarkable personalities that make the industry amazing. In...more
It is indeed a tangled regulatory web woven to potentially trap an organization in the wake of a data incident. Navigating this web can involve significant resources, time, and stress. As we discussed in part two of this...more
12/13/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Oversight ,
State Attorneys General
It’s official! The Unauthorized Access podcast has returned, now with a slightly different spin. Our monthly podcast will spotlight the human aspect of cybersecurity, bringing you closer to the remarkable personalities...more
The Delete Act (SB 362), signed into law by California Gov. Gavin Newsom on October 10, imposes additional disclosure and registration requirements on data brokers. It requires data brokers to support deletion requests...more
10/23/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
New Legislation ,
Personal Information ,
Registration Requirement ,
Regulatory Reform ,
State and Local Government ,
State Privacy Laws
On October 10, Governor Newsom signed the Delete Act ( SB 362) into law, which amends California's current data broker law to impose extensive additional disclosure and registration requirements on data brokers, and to...more
10/20/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Reporting Agencies ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Deletion ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
New Legislation ,
Notice of Proposed Rulemaking (NOPR) ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Regulatory Reform
Popular file transfer tool MOVEit’s recent data security vulnerability prompted many businesses to communicate, internally and externally, about the impact of the incident on its business.
Originally published in Law360 -...more
10/16/2023
/ Consumer Privacy Rights ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Communications ,
Incident Response Plans ,
Personal Data ,
Personally Identifiable Information ,
Popular
Government regulators are seemingly as numerous as the stars nowadays, especially in the universe of data incidents. When organizations experience a data incident, they will need to quickly assess what happened, why it...more
10/16/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Agencies ,
State Attorneys General
In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach.
Originally published in Reuters -August 24, 2023...more
8/25/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Regulatory Oversight
On July 26, the Securities and Exchange Commission (SEC) adopted, by a 3-2 margin, a final rule to require more immediate disclosure of material cybersecurity incidents by public companies. In addition, the final rule...more
On May 17, District of Colombia Attorney General Brian Schwalb announced the settlement of an investigation into Easy Healthcare Corporation, requiring the company to change its privacy practices involving the ovulation...more
In recent months, there has been an explosion of artificial intelligence tools that have given even technophobes an opportunity to test AI’s power from the comfort of their favorite web browser.
Originally published in...more
Recently, the Iowa Legislature sent a bill to Iowa Governor Kim Reynolds for her signature that would make Iowa the sixth state to enact a comprehensive privacy law. The Iowa Senate unanimously passed Senate File 262 (SF 262)...more
Before we jump into February developments — trigger warning if you are a Russian hacker — for those keeping track of breach notification requirements, the National Credit Union Administration (NCUA) Board approved a final...more
3/8/2023
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
FCC ,
Hackers ,
Malware ,
National Security Agency (NSA) ,
NCUA ,
Ransomware ,
Spyware ,
Telecommunications
When a business experiences a data security incident, there is invariably one principal question that the affected business wants answered: Who do we tell?
Originally published in Law360 on December 2, 2022....more
On Oct. 17 and again on Nov. 3, the California Privacy Protection Agency, or CPPA, modified the text of the proposed regulations implementing the California Privacy Rights Act, or CPRA.
Originally published in Law360 on...more
In this episode of Unauthorized Access, Kamran and Sadia welcome Lynn Peachey, director of business development at Arete. The three talk about Lynn’s life, being a woman in cyber, and perfecting the work-life balance. Welcome...more
A thesis statement for this month's Cyber Capsule might be "You're Doing It Wrong." Whether it's easily guessable passwords, manipulated URLs, or waiting longer than prudent to report a data breach, most of our items look at...more
In recent months, there has been an explosion of artificial intelligence (AI) tools that have given even technophobes an opportunity to test AI’s power from the comfort of their favorite web browser. From DALL-E’s ability to...more
Please find our eighth edition of the Cyber Capsule. In this edition, we discuss a brazen botnet, steps to shield the online availability of federal judges' personal information, the price of cybersecurity, and a warning...more
In this episode of Unauthorized Access, Kamran and Sadia are joined by Redpoint Cybersecurity VP of Client Engagement Violet Sullivan. The three cyber experts discuss board level buy-in and how to make sure the board is...more
It is 2022, which means you’ve received your fair share of consumer breach notification letters.
Originally published in Law360 on September 30, 2022....more
Please join Consumer Financial Services Partner Chris Willis and his colleagues Privacy + Cyber Associate Sadia Mirza and Privacy + Cyber Partner Kamran Salour as they discuss phishing. Kamran and Sadia break down what...more