Employers had a big win in late June 2023 when a trial court in Sacramento enjoined until March 29, 2024, enforcement of the final regulations under the California Privacy Rights Act (CPRA), the only one of 14 recently...more
On December 26, 2023, the Department of Defense (“DoD”) published the long-awaited Proposed Final Rule for the Cybersecurity Maturity Model Certification (“CMMC”) program. At a high level, the CMMC program is a mechanism by...more
Data privacy and cybersecurity risks are critical components of M&A transactions due to the potential exposure for legal liability for non-compliance, as well as the financial and reputational harm and the material impact...more
Two months ago, the White House released its National Cybersecurity Strategy. Since then, various government agencies have issued new cybersecurity guidance for certain critical infrastructure subsectors. For example, the...more
Last month, on Data Privacy Day, Colorado’s Attorney General Philip Weiser released prepared remarks entitled “The Way Forward on Data Privacy and Data Security” that shed some light on his approach to enforcing Colorado’s...more
The U.S. Department of Justice announces an initiative targeting cybersecurity-related fraud by government contractors and grant recipients. On October 6, 2021, the U.S. Department of Justice ("DOJ") announced a new Civil...more
On May 1, 2020, the U.S. Department of Health and Human Services (HHS) signaled a paradigm shift in the manner in which patient electronic health information (EHI) is accessed, used, and disclosed....more
What is CMMC? CMMC is a unified cybersecurity standard and certification program for all U.S. Department of Defense (DoD) contractors. On January 31, 2020, DoD’s Office of the Under Secretary of Defense for Acquisition &...more
Investment Advisers - ANNUAL COMPLIANCE REVIEWS - All investment advisers registered with the Securities and Exchange Commission (“SEC”) or at the state level are required to review their compliance policies and procedures...more
On October 22, the Interactive Advertising Bureau (IAB), a media and marketing industry trade group, released for public comment the California Consumer Privacy Act Compliance Framework for Publishers and Technology Companies...more
I. Summary of effective dates - – Effective January 1, 2020 – Enforcement starting July 1, 2020 – Employees not covered for first 12 months*...more
The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense...more
On September 13, the final day of its legislative session, the California Legislature approved five amendments to the California Consumer Privacy Act (CCPA), the state’s sweeping new privacy law that takes effect on January...more
As we sip champagne reflecting on the first anniversary of the effective date of the European General Data Protection Regulation (GDPR), we consider the obligations that employers should bear in mind....more
When the European Union’s General Data Protection Regulation (GDPR) became effective on May 25, 2018, many US-based hospitals struggled to determine whether they were subject to the GDPR and, if so, what they must do to...more
On December 29, 2017, the Standardization Administration of China, jointly with the PRC General Administration of Quality Supervision, Inspection and Quarantine, issued the Information Security Technology – Personal...more
Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. ...more
The European Union’s General Data Protection Regulation (commonly known as GDPR) has broad implications that reach even local public agencies in the United States. GDPR, which took effect May 25, is a sweeping global privacy...more
The New York Department of Financial Services (“NYDFS”) has adopted a regulation that requires “consumer credit reporting agencies” (“CCRAs”) to register with the NYDFS, prohibits CCRAs from engaging in certain practices, and...more
The New York Department of Financial Services issued new regulations requiring every consumer credit reporting agency that “assembles, evaluates, or maintains a consumer credit report on any consumers located in New York...more
How does a company transfer data from the European Union (EU) to the US under the General Data Protection Regulation (GDPR) which went live on May 25, 2018? I recently had the opportunity to visit Jonathan Armstrong, partner...more
Worldwide, companies are scrambling to meet the May 25th deadline to comply with the European Union’s General Data Protection Regulation (GDPR). For companies with physical operations in an EU member state, this deadline is...more
As part of the Rocky Mountain Information Security Conference hosted in Denver from May 8 to 10, 2018, Ballard Spahr Privacy and Data Security attorney David Stauss sat down with Robb Reck, Chief Information Security Officer...more
It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. ...more