When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
Some writers (not from my great state of Rhode Island) act like Rhode Island has been behind the times when it comes to data privacy and security when discussing Rhode Island’s new privacy law. I feel a need to explain that...more
As states take pioneering steps towards AI legislation, businesses face new compliance landscapes affecting their operation and strategic planning. California and Colorado are leading with distinct yet influential legislative...more
On May 1, 2024, amendments to Utah’s cybersecurity and data breach notification law took effect. The state’s cybersecurity and data breach notification law requires an organization that conducts business in the State of Utah...more
Introduction - Illinois has enacted laws addressing rights and obligations related to data privacy. Companies and organizations that handle, collect, disseminate, or otherwise deal in nonpublic information have a number of...more
The State of Utah recently amended its general data breach notification statute to update the content that must be reported to the Utah Attorney General or the Utah Cyber Center. The amendments also clarify when notifications...more
Utah, among other privacy laws it has enacted or modified recently, has also modified its breach notification law. This follows last year’s changes to the law, which among other things codified the state’s Cyber Center....more
On March 19, Utah enacted SB 98 which amended the state’s online data security and privacy requirements. SB 98 will include new protocols that individuals and governmental entities must follow under its data breach reporting...more
On December 21, 2023, the FCC announced it adopted an updated data breach notifications rule. The rule was formerly designed to protect consumers against pretexting, “a practice in which a scammer pretends to be a particular...more
On November 1, the New York Department of Financial Services (NYDFS) amended its cybersecurity regulations to set additional notification, administrative, training and technical requirements. The Amended Cybersecurity...more
On November 14, 2023, the Wisconsin State Assembly passed Assembly Bill 466, otherwise known as the Wisconsin Data Privacy Act (WDPA). The bill passed on its third reading and was immediately ordered to the Wisconsin State...more
Publications and Advisories - November 13, 2023 – Kathleen Benway, Kate Hanniford, Amy Mushahwar, Kim Peretti, and Lance Taubin published “Privacy, Cyber & Data Strategy Advisory: FTC Approved New Data Breach Notification...more
With an amendment to its Safeguards Rule, the Federal Trade Commission has joined other federal agencies regulating cybersecurity breaches. Our Privacy, Cyber & Data Strategy Team analyzes how the amendment will affect...more
The Federal Trade Commission has approved an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act that creates a new data privacy regulatory reporting requirement for non-banking financial entities. Covered...more
On October 27, the Federal Trade Commission (“FTC”) unanimously voted to amend the Safeguards Rule to require non-banking financial institutions to report data breaches and security events to the Agency. This amendment will...more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
Summary - On May 18, 2023, the Federal Trade Commission (“FTC”) announced a Notice of Proposed Rulemaking (the “Proposed Rule”), which both clarifies the scope of the Health Breach Notification Rule (“HBN Rule”) to include...more
On May 27, the Texas governor signed SB 768 to amend the state’s data breach notification statutes. The Act requires entities to notify the attorney general “as soon as practicable” and not later than 30 days after the date a...more
Prompted by a rapid increase in frequency, sophistication, and scale of data leaks and data breach legislation in recent years, the Federal Communications Commission (FCC) unanimously voted to kick off a proceeding aimed at...more
This year has seen some substantial new data breach settlements including a $500,000 Federal Trade Commission (FTC) fine against CafePress, a $1.25 million multi-state class action settlement and $5 million New York...more
On October 18, 2022, the European Data Protection Board (“EDPB”) published a proposed updated version of its regulatory guidance on personal data breaches under the EU GDPR (the “Proposed Updated Guidance”). The Proposed...more
Already considered among the most rigorous cybersecurity requirements for financial services companies, the existing New York Department of Financial Services (“NY DFS”) Cybersecurity Regulation (the “Regulation”) set the...more
The latest proposed Federal Privacy Law, titled the American Data Privacy and Protection Act (“ADPPA”), continues to gain momentum and in late July 2022, the House Committee on Energy and Commerce voted to advance the bill to...more
Last week, I discussed eDiscovery in the Asia Pacific (APAC) region in terms of what each country has in place from a rules and discovery standpoint. eDiscovery isn’t the only discipline where US-based bloggers like me tend...more
Since the introduction of the Data Protection Act (the “DPA”) in 2017, there has been a steady increase in the number of data protection breaches that have been reported to the Office of the Ombudsman . It is expected that...more