Digital Planning Podcast - Interview With Leeza Garber
Compliance into the Weeds-Episode 39, Disclosure of Ransomware Attacks
Your Cyber Minute: Compliance with the Proposed NYDFS Cybersecurity Regulation
Safeguards against Data Security Breaches (Part One)
The FTC has reached a settlement with Residual Pumpkin Entity, LLC and PlanetArt, LLC—the former and current owners of online merchandise platform CafePress (collectively, “CafePress”)—to resolve allegations that CafePress...more
On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal...more
Twelve state attorneys general have brought suit against two medical Information Technology companies. The AGs allege that the companies, Medical Informatics Engineering Inc. and its subsidiary, NoMoreClipboard LLC, had poor...more
As we approach 2019, companies will want to keep in mind the changes that are coming to various US states’ breach notice laws. On January 1, 2019 Iowa’s law, which has already been amended twice since it was passed in 2008,...more
On September 1, 2018, five new requirements included in the New York State Department of Financial Services’ (DFS) Cybersecurity Regulation go into effect – (1) audit trails, (2) application security, (3) data disposal...more
All U.S states have laws about data security and what to do when there’s a data breach. Here is what’s in the Arizona law. Who The Law Applies To. The law applies to anyone who conducts business in Arizona and who owns or...more
On Thursday, June 28, 2018, the California Consumer Privacy Act of 2018 (the Act) passed with resounding support from both Republicans and Democrats, who voted in favor of the bill 73-0-7 in the Assembly and 38-0-3 in the...more
The California Consumer Privacy Act of 2018 (“CCPA”) offers a new, very broad framework for data protection with increased obligations for businesses, and its reach is far and wide. It was passed in a whirlwind seven days. On...more
Continuing a trend in the last few years, in 2017, eight states amended their security breach notification laws to expand definitions of “personal information”, specify the timeframe in which notification must be provided,...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Commission's annual review of the Privacy Shield, a potential threat to the European Union's "standard contractual clauses," a push by...more
Effective June 16, 2017, New Mexico will join 47 other states (as well as the District of Columbia, Guam, Puerto Rico, and the Virgin Islands) by imposing breach notification requirements on entities experiencing information...more
During the recent 110th Regular Session of the Tennessee General Assembly, Governor Bill Haslam signed into law an amendment to the Tennessee Identity Theft Deterrence Act of 1999....more
Are you doing business in Tennessee? Do you have computerized personal information about anyone in Tennessee (including employees, clients, or customers)? Are you encrypting that data in accordance with the current version of...more
During 2016, amendments to breach notification laws in five states went into effect (California, Nebraska, Oregon, Rhode Island and Tennessee). And by the end of last year, well over twenty states had introduced or were...more
States aren’t static when it comes to data privacy and security laws. This is Part One of a two-part series about several new state privacy and data security laws that took effect within the last year. In this article,...more
Under this most recent change to California’s breach notification laws (California Civil Code sections 1798.29 and 1798.82), which takes effect January 1, 2017, businesses and agencies subject to the laws can no longer assume...more
On September 13, 2016, California Governor Jerry Brown signed into law AB 2828, an amendment to the law that requires businesses to disclose data breaches to California residents whose personal information has been...more
The New York Department of Financial Services has proposed new cybersecurity regulations “designed to promote the protection of customer information as well as the information technology systems of regulated entities...more
As has become typical in the data security space, there was quite a bit of activity in state legislatures over the previous year concerning data breach notification statutes. Lawmakers are keenly aware of the high profile...more
The State of Tennessee recently amended its data breach notification statute, Tenn. Code Ann. § 47-18-2107, which is set to go into effect on July 1, 2016. Numerous commentators have proclaimed that the amendment marks a...more
Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more
On March 24, 2016, Governor Haslam signed S.B. 2005 which amends Tennessee's data breach notice statute. The amended statute will go into effect on July 1, 2016. The new Tennessee breach notice requirements are triggered by...more
On April 13, 2016, Nebraska’s breach notification statute was amended when Governor Pete Ricketts signed LB835 into law. The Amendment included a variety of changes, including a regulator notification requirement and...more
In this edition of our Privacy & Cybersecurity Update, we examine changes to EU privacy and data protection laws, new state laws addressing data breach notifications, Congress' review of cyber insurance, and recent court...more
Since the beginning of 2015, numerous states have amended their data breach notification statutes to include expanded definitions of personal information, clarifications on encryption standards, and new notice content and...more