Amy Pimentel on Cybersecurity

CPPA moves closer to finalizing amended CCPA regulations

As the California Privacy Protection Agency (CPPA) prepares for its July 24, 2025, meeting, it released a revised set of California Consumer Privacy Act (CCPA) regulations that contain modest changes to the ones it released...more

7/25/2025 / Amended Regulation , California , California Consumer Privacy Act (CCPA) , Cybersecurity , Data Privacy , New Regulations , Reporting Requirements , Risk Assessment

Privacy Framework 1.1 Gets a Tune-Up in NIST’s Latest Draft Update

On April 14, 2025, the National Institute of Standards and Technology (NIST) released a draft update to the NIST Privacy Framework 1.1. The updates are meant to enhance organizations’ data governance and risk management and...more

4/24/2025 / Artificial Intelligence , Corporate Governance , Cybersecurity , Data Privacy , Data Protection , NIST , Privacy Laws , Risk Management , State Privacy Laws

Draft CCPA Regulations Stalled as Agency Struggles With Applicability of ADMT Rules

On July 15, 2024, the California Privacy Protection Agency (CPPA) released proposed updates to the California Consumer Privacy Act (CCPA) regulations, including updates to the draft risk assessments, automated decisionmaking...more

7/23/2024 / Automated Decision Systems (ADS) , California Consumer Privacy Act (CCPA) , Corporate Counsel , Cybersecurity , Insurance Industry , Proposed Rules , Regulatory Agenda , Risk Assessment , Rulemaking Process , Technology Sector

For the General Counsel’s Desk: Managing Enforcement Risks Involving Cookies, Pixels, and Other Tracking Technologies

Data governance is a mission-critical issue for every company and institution in the United States. GCs face a host of pressing cybersecurity concerns. Triaging them requires time, attention, and a well-rounded strategy...more

[Webinar] Trends in Customer Data Acquisition and Use for Alcohol Companies - June 8th, 12:00 pm - 1:00 pm EDT

The legal privacy landscape is quickly shifting as new consumer privacy laws spring up each year. Alcohol companies looking to maximize their customer data must understand how to comply with applicable privacy rules and...more

6/2/2023 / Breweries , Consumer Privacy Rights , Continuing Legal Education , Customer Information , Cybersecurity , Data Collection , Data Privacy , Data Use Policies , Distilleries , Marketing , Privacy Laws , Risk Mitigation , Supply Chain , Webinars , Wineries

Creating a Cyber Volunteer Force: Strategy and Options

Critical infrastructure and essential services in the United States—especially small or rural service providers—are highly vulnerable to disruptions from cyber attacks. Given the ever-growing need for cybersecurity services...more

3/30/2023 / Critical Infrastructure Sectors , Cyber Attacks , Cybersecurity , Incident Response Plans , Nonprofits , Risk Assessment , Volunteers

[Webinar] Mitigating Risk Exposure Under Evolving Global Cookies Regulations - May 19th, 12:00 pm - 1:00 pm EDT

The regulation of cookies and similar tracking technologies is rapidly evolving, not only in the European Union and United Kingdom but also in the United States and globally. If you have visited a website recently, you might...more

5/10/2021 / Cookies , Cybersecurity , Data Collection , Data Privacy , Data Protection , Data Protection Authority , e-Privacy Directive , Enforcement Actions , EU , General Data Protection Regulation (GDPR) , Member State , Popular , Privacy Laws , Risk Mitigation , UK , Webinars , Websites

[Event] CCPA Compliance: An Interactive Workshop - Multiple Dates/Locations, February 11th - 24th

Effective as of January 1, 2020, the California Consumer Privacy Act (CCPA) gives broad rights to people on their personal data in the custody of companies. This focus on data rights significantly raises the compliance burden...more

[Event] CCPA Compliance: An Interactive Workshop - Multiple Dates/Locations, Jan. 22nd - 30th

Effective as of January 1, 2020, the California Consumer Privacy Act (CCPA) gives broad rights to people on their personal data in the custody of companies. This focus on data rights significantly raises the compliance burden...more

A Sale, or Not a Sale? The Digital Advertising Debate

The California Consumer Privacy Act (CCPA) requires businesses who engage in “sales” of “personal information,” to offer consumers the right to opt out of such sales via a “Do Not Sell My Personal Information” link or button...more

1/9/2020 / Advertising , California Consumer Privacy Act (CCPA) , Consumer Privacy Rights , Cybersecurity , Data Collection , Data Privacy , Data Transfers , Data Use Policies , Data-Sharing , Opt-Outs , Personal Data , Personally Identifiable Information , Privacy Policy , Third-Party Liability , Vendors

Little by Little, Attorney General Becerra Sheds Light on the CCPA in 2020

Businesses are keeping an eye on Sacramento as the California Attorney General has ramped up his public statements about the future and enforcement of the California Consumer Privacy Act (CCPA). We walk through some of the...more

1/9/2020 / California Consumer Privacy Act (CCPA) , Comment Period , Consumer Privacy Rights , Cybersecurity , Data Security , Enforcement Actions , Notice of Proposed Rulemaking (NOPR) , Proposed Regulation , Public Comment , Public Hearing , Rulemaking Process , State Attorneys General

[Event] Privacy & Cybersecurity Risk Management Series: Insights on Cybersecurity and Data Privacy - June 18th, New York, NY

Information is one of your company’s most valuable assets. It is critical to remain vigilant to protect against the latest cybersecurity threats and to comply with expansive privacy obligations. Join us in New York City for...more

5/20/2019 / Attorney-Client Privilege , California Consumer Privacy Act (CCPA) , Continuing Legal Education , Cybersecurity , Data Privacy , Events , Health Care Providers , Information Management , Information Technology , Popular , Private Equity , Privileged Communication , Risk Management , Security and Privacy Controls

GDPR 6 Months After Implementation: Where are We Now?

The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly...more

11/6/2018 / Cybersecurity , Data Privacy , Data Protection , EU , General Data Protection Regulation (GDPR) , International Data Transfers , Popular

Does GDPR Regulate My Research Studies in the United States?

The General Data Protection Regulation (GDPR) establishes protections for the privacy and security of personal data (Personal Data) about individuals in the European Union (EU) single market countries, and potentially affects...more

2/6/2018 / Cybersecurity , EU , EU Data Protection Laws , Extraterritoriality Rules , General Data Protection Regulation (GDPR) , Personal Data , Popular

A Short Primer on Autonomous and Connected Vehicle Regulation

This article briefly introduces the emerging regulatory framework for autonomous and connected vehicles in the US and in certain key jurisdictions around the world, with particular emphasis on regulations pertaining to...more

1/23/2018 / Australia , China , Cybersecurity , DRIVE Act , Driverless Cars , EU , France , Germany , Japan , Motor Vehicles , NHTSA , UK

The First 24 Hours: How to Prepare and Respond to a Major Cybersecurity Attack

In today’s digital age, data privacy and security incident response plans are critical. Companies need to have a well-designed cybersecurity plan to protect their systems from attacks and respond to a crisis when they are...more

5/15/2017 / Cyber Attacks , Cybersecurity , Data Privacy , Incident Response Plans , Ransomware

ECJ Confirms Dynamic IP Address May Constitute Personal Data But Can Be Logged to Combat Cyberattacks

On 19 October 2016, the European Court of Justice (ECJ) held (Case C-582/14 – Breyer v Federal Republic of Germany) that dynamic IP addresses may constitute personal data. The ECJ also held that a website operator may collect...more

11/1/2016 / Cyber Attacks , Cybersecurity , EU , EU Data Protection Laws , European Court of Justice (ECJ) , General Data Protection Regulation (GDPR) , IP Addresses , Personal Data

DOJ Guidance for Victims of Cybercrime: The Dos and Do Nots of Cyber Preparedness

On April 29, 2015, the Cybersecurity Unit in the Computer Crime and Intellectual Property Section (CCIPS) of the U.S. Department of Justice released a best practices document (Document) for victims of cyber incidents. The...more

5/6/2015 / Best Practices , Cyber Crimes , Cybersecurity , Department of Justice (DOJ)

Where Are We Now? The NIST Cybersecurity Framework One Year Later

The National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (Framework) almost 15 months ago and charged critical infrastructure companies within the United States to improve their...more

5/5/2015 / Cybersecurity , Department of Energy (DOE) , FCC , NAIC , NIST , Private Sector , State and Local Government , U.S. Treasury

Cybersecurity Update: U.S. Sanctions on the Horizon for Malicious Cyber-Attackers

Executive Order 13694 is the Obama Administration’s latest tool to combat cybersecurity threats. On April 1, 2015, President Obama declared a national emergency to address the “increasing prevalence and severity of malicious...more

4/22/2015 / Barack Obama , Cybersecurity , Enforcement Authority , Executive Orders , National Security

Employers with Group Health Plans: Have You Notified State Regulators of the Breach?

Data security breaches affecting large segments of the U.S. population continue to dominate the news. Over the past few years, there has been considerable confusion among employers with group health plans regarding the...more

2/20/2015 / Breach Notification Rule , Covered Entities , Cybersecurity , Data Breach , Data Breach Plans , Data Protection , Employee Retirement Income Security Act (ERISA) , Employer Group Health Plans , Health Insurance Portability and Accountability Act (HIPAA) , Third-Party Service Provider

The White House Calls for Action Where Congress Has Failed to Deliver - An In-Depth Analysis of President Obama’s January 2015...

In This Issue: - The President’s Plan for Securing Cyberspace - The President’s Plan for Safeguarding American Consumers and Families - Conclusion - Excerpt from The President’s Plan for Securing...more

2/13/2015 / Breach Notification Rule , Cybersecurity , Data Breach , Data Protection , Obama Administration , Personal Data Notification and Protection Act

An Update on the Cybersecurity Framework and Action Items for NIST

The National Institute of Standards and Technology (NIST) recently released an update on its Framework for Improving Critical Infrastructure Cybersecurity (The Framework). The Framework was first issued in February 2014 as a...more

12/17/2014 / Cybersecurity , Cybersecurity Framework , Data Protection , NIST

Privacy and Data Protection: 2014 Year in Review

In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission...more

12/11/2014 / Africa , Anti-Spam Legislation , Canada , China , Cybersecurity , Data Protection , EU , EU Data Protection Laws , Federal Trade Commission (FTC) , Latin America , Legislative Agendas

Amy Pimentel

McDermott Will & Schulte

Popular Topics by This Author

Latest Posts › Cybersecurity