2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
On November 1, 2023, the New York Department of Financial Services (NY DFS) published its highly anticipated final amendments to its influential cybersecurity requirements for financial services companies (Part 500)....more
On 7 September 2023, the Saudi Data & Artificial Intelligence Authority (SDAIA) published the (i) Implementing Regulations of the Personal Data Protection Law (PDPL) and (ii) Regulation on Personal Data Transfer outside the...more
Five Years After ‘a Singular Human Error,’ Two Breach Notices, Revenue Firm Settles With OCR - As far as settlements for alleged HIPAA violations go, a recent agreement announced by the HHS Office for Civil Rights (OCR)...more
Each Academy provides three-and-a-half days of classroom-style training covering the latest laws, regulations, and developments to help you effectively manage your organization’s compliance program. They are ideal for...more
Thus far, telehealth breaches have been exceedingly rare, but as telehealth is increasingly used, telehealth data breaches and similar incidents may become more commonplace. Here are 10 steps for responding to a telehealth...more
Virginia has a new law, the Insurance Data Security Act (New Law), going into effect on July 1, 2020, which will expand the data security and incident notification requirements on insurers licensed in the Commonwealth. The...more
In July 2019, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), which amended New York’s data breach notification law to broaden notification obligations and...more
The California Consumer Privacy Act (CCPA) took effect on New Year’s Day. California is the first state in the union to create a data privacy law for its residents. Other states will follow soon. For compliance purposes,...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Parliament's report on whether and how the use of blockchain technology can comply with the General Data Protection Regulation, as well as...more
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which requires vendors, service providers and other entities that maintain or possess consumers’ personal information to notify consumers of a...more
Oregon amended its data breach notice statute (ORS §§ 646A.600 – 646A.628) on May 24, 2019. Beginning January 1, 2020, Oregon will be the first state to explicitly require vendors to notify the attorney general about data...more
Early last year, I posted about tougher, bi-partisan privacy and data security legislation in the works in North Carolina. North Carolina State Representative Jason Saine (R), Senior Appropriations Chair, teamed-up with North...more
Ohio is the second state in the country to adopt cybersecurity legislation modeled after the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law. ...more
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more
Independent schools, like other non-profits, have valuable digital assets that bring cybersecurity obligations with them. For example, schools typically extend financial aid to students and medical benefits to employees only...more
In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance...more
The ramp-up of cybersecurity regulation, albeit in a patchwork fashion through state-level legislation, has begun. On May 18, 2018, South Carolina enacted the Insurance Data Security Act (Act), becoming the first state to...more
Your heart raced when the caller on the phone identified himself as an FBI agent. But the conversation was matter-of-fact. About 2,500 sets of credit card information from your clients had been posted for sale on a...more
The revised regulations eliminate many of the categorical requirements in the original proposal and instead adopt a more risk-based approach. On December 28, 2016, the New York State Department of Financial Services...more