Health care remains one of the most targeted and vulnerable sectors when it comes to cyberattacks. In fact, a recent breach at a major health care analytics firm exposed the data of 5.4 million U.S. patients, making it one of...more
7/28/2025
/ Best Practices ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
Internet of Things ,
Phishing Scams ,
Popular ,
Risk Management
New York ‘s Child Data Protection Act, available here, took effect on June 20. This is a landmark piece of legislation designed to enhance the online privacy and safety of minors. As concerns over children’s digital...more
7/14/2025
/ Algorithms ,
CDPA ,
Compliance ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Data Sellers ,
Minors ,
New York ,
Online Safety for Children ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
As cyberattacks and cybercriminals are becoming increasingly sophisticated, safeguarding employee benefit plans, including health and welfare plans, is crucial. The Employee Benefits Security Administration of the U.S....more
Chile has amended its data privacy law granting significant rights to data subjects, and imposing stricter obligations on data controllers and processors. Published in the Official Gazette (Diario Oficial) on December 13,...more
3/17/2025
/ Chile ,
Compliance ,
Data Breach ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements
On December 24, New York Gov. Kathy Hochul (D) signed into law an amendment to section 899-aa of the N.Y. General Business Law, also known as The Shield Act, modifying the law’s data breach notification requirements....more
A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more
1/6/2025
/ Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Documentation ,
Incident Response Plans ,
Personally Identifiable Information ,
Risk Assessment ,
Risk Management ,
WISP
The Commonwealth of Pennsylvania has amended its Breach of Personal Information Notification Act. The amendments, available here 2024 Act 33 - PA General Assembly (state.pa.us), took effect last week, on September 26. The key...more
On April 24, the Federal Trade Commission announced that it had finalized changes to its Health Breach Notification Rule - to address emerging technologies. Specifically, the Rule was broadened to (1) apply to entities not...more
Effective May 24, 2024, the Office of the Privacy Commissioner of Canada (OPC) has introduced a new online PIPEDA breach reporting form for federal institutions and businesses subject to the Personal Information Protection...more
On May 22, 2022, Minnesota Gov. Tim Walz (D) signed the Student Data Privacy Act (the “Act”), H.F. No. 2353, into law which amends Minnesota’s Government Data Practices Act. The Act went into effect beginning with the...more
On March 2, the Biden Administration released a “National Cybersecurity Strategy,” which it says takes a comprehensive approach to securing cyberspace for all and ensuring the United States is in the best position to take...more
Recent amendments to Pennsylvania’s data breach law -- the Breach of Personal Information Notification Act – will take effect May 3. The amendments were enacted in November.
Originally enacted in 2006, the Act provides for...more