Several states have clarified or tightened their data breach notification statutes since we last updated the Mintz Matrix at the beginning of the year. Please click here for the latest edition of the Mintz Matrix, which is a...more
The California Privacy Protection Agency (CPPA) has released its agenda for the September 8 board meeting, which includes (among other topics) presentation of a draft Cybersecurity Audit Regulation and a draft Risk Assessment...more
8/30/2023
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Selling ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Risk Assessment ,
Rulemaking Process
In a narrow 3-2 decision on July 26, the SEC adopted its final rule concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”). Below we highlight some of the principal changes...more
8/2/2023
/ Compliance ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 8-K ,
Incident Response Plans ,
Information Governance ,
National Security ,
Policies and Procedures ,
Public Safety ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
Texas has joined the growing list of states enacting comprehensive consumer data privacy laws. On June 18, 2023, Governor Abbott (R) signed H.B.4, otherwise known as the Texas Data Privacy and Security Act (“TDPSA”). The...more
Does your business collect or use fingerprints? Do your building access points use retina, finger, or palm scans? Does your security office use facial recognition technology to identify repeated trespassers? Do your phone...more
7/7/2023
/ Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consent ,
Data Collection ,
Data Privacy ,
Data Security ,
Deceptive Intent ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Fingerprints ,
FTC Act ,
Personal Data ,
Personally Identifiable Information
Judge James Arguelles has sided with California businesses in holding that the California Privacy Protection Agency (CPPA) cannot start enforcement of regulations promulgated under the California Privacy Rights Act (CPRA) for...more
Florida has joined the growing list of states enacting comprehensive privacy laws. Governor Ron DeSantis (R) signed the Florida Digital Bill of Rights (“FDBR”) into law on June 6th. How does it compare?...more
6/12/2023
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Corporate Counsel ,
Data Privacy ,
FERPA ,
Financial Institutions ,
Fines ,
Florida ,
Governor DeSantis ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Penalties ,
Personal Data ,
Privacy Laws ,
Private Right of Action ,
Search Engines
Blaming a "data retention glitch," Microsoft has agreed to pay the Federal Trade Commission $20 million to settle allegations that the company's Xbox gaming system has illegally collected personal information from children...more
6/8/2023
/ COPPA ,
Corporate Counsel ,
Data Collection ,
Data Retention ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Personal Information ,
Regulatory Violations ,
Settlement ,
Xbox
Our May Madness series is getting you caught up on comprehensive privacy legislation passing state legislatures across the nation. In April, governors signed legislation in Tennessee and Indiana, and this month ahead of...more
I hear this frequently: "We've moved everything to the cloud, so our security is good." Maybe yes, maybe no. Cloud applications operate on a "shared responsibility" model, which means that the cloud provider will have a...more
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11.
Tennessee joins a growing...more
5/12/2023
/ California Consumer Privacy Act (CCPA) ,
Controlled Substances Act ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Farm Credit Administration ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Nonprofits ,
Opt-Outs ,
Penalties ,
Personal Information ,
Private Right of Action ,
State Privacy Laws ,
Tennessee
Indiana's New Law is on the Books -
Last month, three more state legislatures passed comprehensive data privacy laws. Just this week, Indiana’s governor signed one of them - the Indiana Consumer Data Privacy Act (“ICDPA’) -...more
5/4/2023
/ Cybersecurity ,
Data Privacy ,
Fair Credit Reporting Act (FCRA) ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Nonprofits ,
Penalties ,
Personal Data ,
Personal Information ,
Private Right of Action ,
Public Utility ,
State Privacy Laws
Just ahead of the expected April release of the final SEC cybersecurity regulations, the SEC has fined Blackbaud, a donor data management platform used widely by nonprofits, $3 million dollars for "misleading disclosures" in...more
The FBI and the Cybersecurity & Infrastructure Security Agency have been warning the healthcare sector for years about vulnerabilities and ransomware gangs targeting those vulnerabilities. With millions of records -- and...more
Issuing California Consumer Privacy Act (CCPA) warning letters is becoming an annual Data Privacy Day observance for California Attorney General Rob Banta. This year, the letters went to owners and operations of mobile...more
A ransomware gang that has been targeting hospitals and other health care providers has been at least temporarily dismantled by the FBI. Attorney General Merrick Garland and other U.S. officials announced that the FBI's...more
Public companies initiating the year-end reporting process will need to consider, and in many cases take steps to address, a number of significant developments and issues. To assist companies in this process, Mintz has...more
12/9/2022
/ Annual Meeting ,
Breach of Duty ,
Clawbacks ,
Climate Change ,
Corporate Governance ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Diversity and Inclusion Standards (D&I) ,
Filing Deadlines ,
Insider Trading ,
Privacy Laws ,
Proxy Advisors ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Shareholders ,
Stock Markets ,
Supply Chain ,
Ukraine
The Federal Trade Commission (“FTC”) announced on Monday that it is settling a case against Drizly and its CEO stemming from a 2020 data breach that impacted roughly 2.5 million consumers. The proposed order not only...more
10/31/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Identity Theft ,
Personal Data ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement
The so-called “HR exemption” taking employee and applicant personal information out of the control of the California Consumer Privacy Act (CCPA) is about to come to an end. Employers who are “businesses” for purposes of the...more
10/18/2022
/ Anti-Retaliation Provisions ,
Audits ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Data Collection ,
Data Mapping ,
Data Retention ,
Exemptions ,
Opt-Outs ,
Personal Information ,
Policies and Procedures ,
Privacy Notice Rule ,
Right to Delete ,
Right To Know ,
Sensitive Personal Information
If you’ve relied on the temporary “exemption” for employee/applicant and business-to-business (B2B) personal information under the California Consumer Privacy Act (CCPA), those exemptions will expire on January 1, 2023. The...more
California is leading the way on privacy regulation --- again. The California State Assembly has passed AB 2273, which, if approved by the California Governor, would require businesses that provide online services,...more
California Attorney General Rob Bonta has announced a major settlement under the California Consumer Privacy Act (CCPA), and it will cost Sephora, Inc. a whopping $1.2 million in penalties. According to the release from...more
In the spring of 2018 and in the wake of the Facebook-Cambridge Analytica data scandal, tech CEOs Tim Cook of Apple and Mark Zuckerberg of Meta (fka “Facebook”) initiated a contentious and public debate over the ethics of...more
The new California privacy regulatory body, the California Privacy Protection Agency (CPPA), has loudly voiced its opposition to the proposed federal American Data Privacy and Protection Act (ADPPA). The bottom line for...more
State laws that restrict or criminalize abortions will require significant amounts of health information to enforce, putting new pressure on health care providers caught in the middle of competing obligations to their...more