Last month, the Director of the Division of Corporation Finance (“Director”) of the Securities and Exchange Commission (“SEC”) issued new guidance regarding disclosures of material cybersecurity incidents via Form 8-K under...more
6/18/2024
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 8-K ,
Information Technology ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
The New York State Department of Financial Services (“NYDFS”), which regulates financial services institutions including banks, insurance companies, and mortgage brokers, finalized an amendment to its Cybersecurity Regulation...more
12/5/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Extortion ,
Financial Institutions ,
Financial Services Industry ,
New York ,
NYDFS ,
Popular
The comprehensive state privacy law trend (and the related trend of enhanced job security for privacy professionals) shows no sign of slowing. Last month the Montana legislature passed the Montana Consumer Data Privacy Act...more
5/9/2023
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Information Technology ,
Personal Data ,
Regulatory Reform ,
State Privacy Laws
An Iowa comprehensive privacy law bill titled An Act Relating to Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions recently passed both chambers of the Iowa legislature with no...more
The Federal Trade Commission earlier this month undertook an enforcement action against online pharmacy and telehealth provider GoodRx, in the latest example of the agency seriously pursuing its role as the nation’s de facto...more
2/15/2023
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Digital Advertising Alliance ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Healthcare ,
Patient Privacy Rights ,
Pharmaceutical Industry ,
Pharmacies ,
PHI ,
Popular ,
Prescription Drugs ,
Section 5 ,
Targeted Digital Advertising ,
Telehealth ,
Unfair or Deceptive Trade Practices
While new comprehensive state privacy laws took most of the headlines this year, security threats and incident response remain key risk factors for privacy compliance programs and the subject of important legal developments....more
Connecticut recently became the fifth state with a comprehensive consumer privacy law when Governor Ned Lamont signed An Act Concerning Personal Data Privacy and Online Monitoring, which we will refer to as the Connecticut...more
The Utah Consumer Privacy Act (UCPA) is on the verge of becoming law after recently passing both chambers of the Utah legislature with no dissenting votes. Unless Utah’s governor vetoes the bill, Utah will become the fourth...more
Last week’s news that the Federal Trade Commission is taking steps to begin rulemaking on consumer privacy and artificial intelligence drew plenty of attention from privacy professionals, and suggests 2022 could be an...more
12/21/2021
/ Breach Notification Rule ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Trade Commission (FTC) ,
Hackers ,
Healthcare ,
Mobile Health Apps ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Policy Statement ,
Popular
Before the CCPA became enforceable on July 1, 2020, much ink was spilled (or many keys were hit) about the California Office of the Attorney General’s (“OAG”) ability to obtain civil penalties for CCPA violations. After that...more
10/28/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Corrective Actions ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Opt-Outs ,
Personal Information ,
Regulatory Violations ,
State Attorneys General ,
Targeted Digital Advertising
Organizations in the United States often ask us how to comply with GDPR. But starting with that question skips a key inquiry: the extent to which GDPR applies to a US company in the first place....more
3/17/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
Foreign Corporations ,
General Data Protection Regulation (GDPR) ,
Goods or Services ,
Personal Data ,
Personally Identifiable Information ,
UK
The Virginia Consumer Data Protection Act (CDPA) became law earlier this week when the state’s governor signed a bill recently adopted by the state’s legislature, making Virginia the second state in the nation with a...more
3/9/2021
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Information Governance ,
New Legislation ,
Opt-In ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government