Keypoint: While the act does not include many provisions found in the more recent consumer data privacy laws, it would expand privacy notice obligations in one significant way although the applicability and scope of that...more
On April 4, 2024, Kentucky joined the rapidly growing number of states adopting a comprehensive data privacy law, when Governor Andy Beshear signed, the Kentucky Consumer Data Protection Act ("Kentucky CDPA"). The law will...more
Keypoint: In the aftermath of the Supreme Court’s Dobbs decision, Washington legislators introduced legislation to enhance privacy protections for consumer health data. In early March, lawmakers in Washington state’s House...more
Is your business one that has not prioritized compliance with data privacy laws because you do not collect personal data about your customers? If so, you are in good company, but it is time to reframe your approach on data...more
Today (January 28, 2022), is National Data Privacy Day. While not a day of celebration with cards or gifts, the day does provide an opportunity to check in on the developments in consumer data privacy across the United...more
Started in Europe in 2007, Data Privacy Day, or Data Protection Day as it is known internationally, is an international effort that takes place annually on January 28 to create awareness of the importance of data privacy. In...more
The Gramm-Leach-Bliley Act (GLBA) is a federal law that establishes various legal requirements for companies that qualify as “financial institutions” under the Act. The GLBA’s definition of a “financial institution” is...more
On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer...more
First we take Sacramento, then we take Berlin: How do US data protection laws affect how you do business. The webinar is aimed at in-house or outside counsel, as well as data protection and compliance officers. In this...more
We are now seeing a potential trend where states are incentivizing companies through the creation of safe harbors to improve their cybersecurity posture, instead of penalizing them after a breach of personal information. Utah...more
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits. On March 11, 2021, Utah governor Spencer Cox signed the...more
Keypoint: Although weakened from its original version, the Oklahoma bill would (if enacted) provide substantial privacy rights to Oklahoma residents and, in some respects, provide more privacy protections than found in the...more
Florida may soon join the growing number of states that have enacted comprehensive consumer privacy legislation. Backed by Governor Ron DeSantis, Florida House Bill 969 (HB 969) would create new obligations for covered...more
The FTC recently settled with Ascension Data & Analytics for failure to oversee service providers. Ascension provides services to mortgage companies within its corporate family of entities. According to the complaint,...more
In the midst of COVID-19 challenges, privacy and security matters continue to be at the forefront for federal and state legislature. In late March, the Washington D.C. (“D.C.”) legislature amended its data breach notification...more
In today’s world, cybersecurity breaches and threats are pervasive concerns for any business entity, without exception. Working from home arrangements due to COVID-19 constraints only magnify the risk and create further...more
Cybersecurity breaches and threats are pervasive concerns for any entity storing valuable data or managing large sums of money: private investment funds are no exception. Recently three private equity firms suffered breaches...more
To stay ahead of the new privacy and data security requirements, such as CCPA and recent data security state laws, insurers need to take steps now to navigate the increasingly complex regulatory landscape. This article...more
The Florida Senate and House of Representatives are considering two bills (SB 1670 and HB 963) that, if adopted, will amend Florida law to create the state’s first comprehensive privacy law (though they do not go nearly as...more
New York State has enacted S5575, the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”). This new law amends New York General Business Code 899-aa and adds Section 899-bb to significantly expand consumer...more
New York recently enacted important changes to its data breach notification requirements (Breach Requirements) and created a statutory obligation to maintain reasonable data security (Security Requirements). Under the new...more
While businesses have been focused on meeting the looming January 1, 2020 deadline of the California Consumer Privacy Act ("CCPA"), Nevada just ratchetted up the heat by imposing an earlier October 2, 2019 deadline for...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Director Discusses Future Development of Cybersecurity Framework - On March 4, the director of the National Institute of Standards and Technology...more
As we explained in our last alert, California’s new comprehensive data privacy law is to take effect on January 1, 2020. For companies subject to this law, compliance will require a substantial investment of time, effort,...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more