Under the emerging regime of privacy laws in the U.S., businesses must prepare to assess the protection of certain information in view of proposed data processing activities, beginning with the new laws to be effective in...more
The New York Department of Financial Services (the “NY DFS”) has published three new FAQs that interpret certain requirements under its Cybersecurity Regulation (23 NYCRR 500, the “NY DFS Cyber Reg”) related to breaches by...more
Addressing the evolving landscape of privacy laws will be at the top of the list of New Year’s resolutions for those doing business in the U.S. Businesses will need to assess and address changes in California privacy law, and...more
On December 7, 2021, the New York Department of Financial Services (“NY DFS”) released an industry letter providing guidance on Multi-Factor Authentication (“MFA”). MFA, which requires users of information systems to...more
This summer, following two years of work toward a model state privacy law, the Uniform Law Commission (ULC) has entered the privacy debate by adopting The Uniform Personal Data Protection Act (the “Uniform Act”) by a vote of...more
In 2023, new consumer privacy laws will be effective in Colorado, Virginia, and California. Of these, the Colorado Privacy Act (SB 21-190 , the “CPA”) is the latest to be enacted. Effective July 1, 2023, the CPA shares many...more
In the wake of the disruptive ransomware attack on the Colonial Pipeline in early May 2021, the U.S. Transportation Security Administration (“TSA”) issued two security directives to the pipeline industry. The first, Security...more
If your business is subject to the CCPA and (alone or in combination) bought, received, sold, or shared for commercial purposes the personal information of 10 million or more consumers (i.e., California residents) in 2020,...more
“Reasonable Security” is a term that is becoming more important due to the continued increase in ransomware incidents over the past few years, which the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) has...more
Ransomware is dominating headlines and creating unimaginable headaches. Ransomware has been deployed against every industry sector, and against municipalities and other government agencies. The resulting disruptions and...more
The New York Department of Financial Services (NYDFS) has now released a pair of alerts on the increase in cyberattacks on public facing insurance websites that provide instant quoting services to customers. If you provide...more
As we have discussed in previous articles, through the California Consumer Privacy Act (CCPA), California has set new privacy standards, granted new consumer rights, and imposed new obligations on businesses. Although clearly...more
George Orwell raised the spectre of Big Brother peeking into all aspects of our lives. On Tuesday, January 5, 2021, President Trump upped the ante. By issuing Executive Order 13971 entitled, “Addressing the Threat Posed by...more
Having set a new standard for privacy in the United States with the California Consumer Privacy Act of 2018 (the “CCPA”), California has again raised the bar for consumer privacy with the California Privacy Rights Act (the...more
16 July 2020 will go down in data protection history. On that day, the EU Court’s decision in Schrems II dealt international data transfer a mighty blow....more
On June 1, 2020, the Office of the California Attorney General submitted the final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). As...more
Recently we discussed NY DFS guidance to regulated entities, warning of the heightened cyber risks resulting from COVID-19 as cyber criminals look to exploit the increase in remote work and many individuals accustom...more
Reminding NY DFS regulated entities that its Cybersecurity Regulation (23 NYCRR Part 500) requires assessment of cybersecurity risk, and the reporting of certain cybersecurity events within 72 hours, the DFS issued guidance...more
The CCPA became effective January 1, 2020. Some businesses prepared to meet the deadline, while others have become partially compliant but still have more to do. Some may not have begun. What should a business be doing at...more
As we reported here the California Attorney General released proposed regulations pursuant to the California Consumer Privacy Act (CCPA) on October 10, 2019. These proposed regulations were modified on February 7 and again on...more
We want to enable our personnel to work from home during this health crisis. What do we need to worry about from a privacy and cybersecurity perspective?
1.Equipment. Personnel working remotely will need equipment, and you...more
The long-awaited amendments to the California Consumer Privacy Act of 2018 (CCPA) have finally become law. On October 11, 2019—two days before the October 13 deadline—California Governor Gavin Newsom announced that he signed...more
On October 10, 2019, the California Office of the Attorney General (“AG”) published the long-awaited proposed text of the California Consumer Privacy Act Regulations (the “Proposed Regs”). The Proposed Regs provide guidance...more
10/17/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Proposed Regulation ,
Right to Delete
On September 13, 2019, the California State Legislature passed several amendments to the California Consumer Protection Act (“CCPA”), which was originally passed in 2018 as a flawed and widely-criticized piece of legislation....more
Beginning on January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) will impose new privacy obligations on certain businesses that collect personal information of California consumers. Employers with employees in...more