On July 1, 2024, Florida, Oregon, and Texas will join California, Colorado, Connecticut, Utah, and Virginia by adding privacy laws governing the collection, use, and transfer of consumer personal data. Montana will follow...more
There are three states with biometric privacy laws. Texas, which passed its law in 2009, and Washington, which passed its law in 2017, followed Illinois’ passage of its 2008 law, the Biometric Information Privacy Act (BIPA)...more
Just as U.S. companies were settling into the idea of the EU’s General Protection Act (GDPR), California just passed the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et seq. (CCPA), which will require...more
7/13/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
As cybersecurity incidents affecting Target, Home Depot, Anthem, Sony, Ashley Madison, and many other companies have demonstrated, cybersecurity poses a significant legal risk to companies. ...more
4/6/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Digital Assets ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Sale of Assets
The European Union (EU) General Data Protection Regulation (GDPR) comes into effect on May 25, 2018, so in less than 60 days. While many companies have been working to ensure compliance with respect to their customer and...more
4/6/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Employer Liability Issues ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management
If you are a US-based or multinational company, you may have noticed that in the past few months you have started to see a significant increase in the number of vendor (or other) agreements that you have been asked to modify...more
4/2/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
Most people have heard of the Internet of Things, or IoT. With the holidays fast approaching, and with the onslaught of new smart and Internet-connected smart toys, for parents and toy manufacturers, at least for the next few...more
12/6/2017
/ Children's Toys ,
Connected Items ,
COPPA ,
Data Collection ,
Federal Trade Commission (FTC) ,
FERPA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
Mobile Device Management ,
Personally Identifiable Information ,
Popular ,
Smart Devices ,
Technology Sector ,
Wearable Technology
By now, you’ve probably heard that over 143 million records containing highly sensitive personal information have been compromised in the Equifax data breach. With numbers exceeding 40% of the population of the United States...more
When the topic of data privacy and cyber security comes up, most people automatically think of data breaches, especially given the high-profile nature of so many of them. Breaches and hacks are certainly an issue about which...more
9/11/2017
/ Banking Sector ,
Check Cashing ,
Couriers ,
Cybersecurity ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Mortgage Brokers ,
Non-Bank Lenders ,
Payday Loans ,
Personally Identifiable Information ,
Popular ,
Privacy Rule ,
Regulatory Oversight ,
Tax Preparers ,
WISP
Sometimes, it’s easy to know you’re being phished. There’s little chance that a bank administrator in a country you’ve never heard of really needs your help to get the unclaimed money of a deceased, rich foreigner out of the...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a $2.5 million Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement with CardioNet, which is a company that...more
Are you doing business in Tennessee? Do you have computerized personal information about anyone in Tennessee (including employees, clients, or customers)? Are you encrypting that data in accordance with the current version of...more
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced another Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement. This one is with Metro Community Provider...more
4/17/2017
/ Data Breach ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Privacy Rule ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management ,
Settlement
As the healthcare industry has expanded to providing home healthcare services, more service providers are allowing their employees to work remotely, i.e., telecommuting. The flexibility for healthcare workers to work from...more
4/12/2017
/ Data Breach ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Privacy Rule ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management ,
Telecommuting