In yet another example of the importance of a robust cybersecurity and data protection system, New York Attorney General (OAG) and the New York State Department of Financial Services (DFS) collectively fined the insurance...more
In a settlement with Marriott International and its subsidiary Starwood hotels and Resorts Worldwide, the FTC will require Marriott to implement a new comprehensive data security program. The settlement stems from a series of...more
As the manufacturing industry increasingly relies on advanced technology such as the industrial internet of things, automation and big data, manufacturers are particularly susceptible to cyberattacks. Manufacturing operations...more
In March 2020, the Cybersecurity Mandate within New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) went into effect. In its entirety, the SHIELD Act expanded breach notification obligations for...more
On Dec. 20, 2023, the Federal Trade Commission (FTC) published a Notice of Proposed Rulemaking (NPRM) to the Children’s Online Privacy Protection Act (COPPA). COPPA was enacted in 1998 and went into effect in 2000. Under...more
On Nov. 27, 2023, Nashville-based healthcare corporation Ardent Health Services (Ardent) announced that a ransomware attack impacted 30 of its hospitals and forced the shutdown of several emergency rooms in at least three...more
On Jan. 10, 2023, the Federal Trade Commission (FTC) finalized its order against online alcohol marketplace, Drizly, and its CEO, James Cory Rellas for failing to implement security safeguards that led to a data breach in...more
On Sept. 11, 2023, Delaware became the next state to enact a comprehensive consumer data privacy law as Gov. John Carney signed the Delaware Personal Data Privacy Act (DPDPA) which will go into effect on Jan. 1, 2025. The...more
On July 10, 2023, the European Commission adopted its adequacy decision on data transfers for the EU-U.S. (European Union/United States) Data Privacy Framework (DPF). The adequacy decision concluded that the United States...more
7/25/2023
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On June 5, 2023, the Nevada Legislature passed an amended version of Senate Bill 370 (SB 370 or the Act), which imposes new requirements on the collection, use and sale of consumer health data. The bill was signed on June 22,...more
On Dec. 19, 2022, Epic Games, the developer of popular video game Fortnite, agreed to pay more than $520 million to settle Federal Trade Commission (FTC) claims that alleged a violation of the Children’s Online Privacy...more
On Jan. 1, 2023, both the California Privacy Rights Act (CPRA) and Virginia Consumer Data Privacy Act (VCDPA) come into effect, introducing new and updated data privacy and security obligations to covered entities. As these...more
New York’s Cybersecurity mandate under the New York SHIELD Act became effective on March 22, 2020. This unfortunate timing, considering its alignment with the beginning of COVID-19 shutdowns, created an almost unspoken...more
Zoetop, the parent company behind online fashion retailers SHEIN and ROMWE, has been fined $1.9 million by New York State after it failed to properly inform customers of a data breach that affected millions of users. A...more
New York's SHIELD Act, which became effective on March 21, 2020, requires persons and organizations that own or license electronic data that includes New York resident’s private information to maintain reasonable...more
The cybersecurity and data privacy legal landscape continues its rapid evolution. Below is an outline of some of the most significant developments in the last quarter.
Federal Legislation:
In June, a bipartisan...more
How do you get ahead of a ransomware attack in the healthcare delivery environment? By acting, now. A quick way to organize? Look at the 405(d) group’s work, including its recently released ransomware infographic....more
On Aug. 20, 2021, the Standing Committee of China’s National’s People’s Congress, the top legislative body of the People’s Republic of China, adopted a national privacy law. The extensive law, named the Personal Information...more
The decision of the Court of Justice of the European Union (CJEU), in Schrems II, invalidating the EU-U.S. Privacy Shield has engendered significant uncertainty regarding data transfers from the EU to the United States. In...more
After years of United States organizations—large and small—investing in and relying on the EU-U.S. Privacy Shield as the foundation for permissible data transfer between the EU and the U.S., with the stroke of a pen, or...more
The ink is still wet, and the dust has hardly settled after the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Yet starting in February, two class actions were filed by California residents...more
Taking effect March 21, 2020, the New York Stop Hacks and Improve Electronic Date Security Act (SHIELD Act), imposes several potentially onerous compliance requirements on businesses operating in (and even some outside of)...more
On the last day of its 2019 session, the California legislature passed six bills that amend and clarify key provisions of the California Consumer Privacy Act (the “CCPA”), the state’s landmark 2018 data privacy law. The CCPA,...more
12/5/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Newsom ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Right to Delete
As you likely already know, on July 25, 2019, Governor Cuomo signed into law the New York Stop Hacks and Improve Electronic Data Security Act (“SHIELD” or “the Act”). Imbedded in the dense text of the Act are upcoming...more