Liisa Thomas

Liisa Thomas

Sheppard Mullin Richter & Hampton LLP

Contact

Readers' Choice Awards

Data Privacy
Data Privacy
Data Privacy
Data Privacy
View Bio
RSS

Latest Posts › Data Security

Share:

European Data Protection Board’s Priorities for 2019/2020

The European Data Protection Board (EDPB) has released its priorities for 2019/2020 in its two-year “Work Program.” The EDPB is charged with issuing guidelines and opinions about GDPR, advising the European Commission about...more

3/26/2019  /  Breach Notification Rule , Cybersecurity , Data Protection , Data Security , EU , EU-US Privacy Shield , European Data Protection Board (EDPB) , General Data Protection Regulation (GDPR)

Happy First Day of Spring! Ohio Insurance Law Effective Today

Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more

3/21/2019  /  Cyber Attacks , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Hackers , Incident Response Plans , Information Security , Insurance Industry , Insurer Liability , New Legislation , Personally Identifiable Information , Risk Assessment , State Data Breach Notification Statutes , Third-Party Service Provider

US State Breach Law Modifications Begin in 2019 with Massachusetts

Massachusetts’ breach notice law has been amended, requiring companies who suffer a data breach to provide more information to the Attorney General about the incident. The law will go into effect in a month, on April 11,...more

3/12/2019  /  Amended Legislation , Corporate Counsel , Credit Monitoring , Cyber Attacks , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Hackers , Personally Identifiable Information , State Attorneys General , State Data Breach Notification Statutes

Cyber Concerns Lead to EU Recall of a Connected Kids Devices

Citing cybersecurity concerns with a children’s smartwatch, the European Commission recently issued a recall of the device. The Safe-KID-One is a smartwatch that gives parents the ability to track and communicate with their...more

2/14/2019  /  Children's Toys , Connected Items , Cybersecurity , Data Privacy , Data Protection , Data Security , EU , European Commission , GPS , Hackers , Internet of Things , Popular , Smart Devices , Technology Sector , Toy Recalls

Canada’s PIPEDA Consent Guidelines Now In Effect

Canada’s new guidelines for obtaining consent under PIPEDA are now in effect. Last year federal Office of the Privacy Commissioner and the Alberta and British Columbia Offices of the Information and Privacy Commissioner...more

1/25/2019  /  Canada , Consent , Cybersecurity , Data Collection , Data Protection , Data Security , New Guidance , OPC , PIPEDA , Transparency

NY AG Settles Over Mobile App Security Issues

Five companies settled with the New York Attorney General over mobile app data security issues at the end of last year. The AG alleged that the companies, Western Union, Priceline, Equifax, Spark Networks, and Credit Sesame,...more

1/24/2019  /  Cybersecurity , Data Protection , Data Security , Federal Trade Commission (FTC) , Mobile Apps , Personal Data , Popular , Regulatory Standards

South Carolina’s Insurance Breach Notice Requirements Now In Effect

South Carolina now has specific breach and security requirements for insurance companies. The law applies to those licensed under the state’s insurance laws and went into effect January 1. Under the law, companies must tell...more

1/23/2019  /  Cybersecurity , Data Breach , Data Breach Plans , Data Privacy , Data Protection , Data Security , Insurance Industry , New Legislation , Notice Requirements , Risk Management , State Data Breach Notification Statutes

A Look Back at 2018 Privacy Shield Enforcement

Over the course of 2018, the FTC brought several actions against US companies for violations of the Privacy Shield program. The program, which as we have reported on previously gives participating US companies a mechanism to...more

1/15/2019  /  Data Privacy , Data Protection , Data Security , Departments of Commerce , Enforcement , EU , EU-US Privacy Shield , Federal Trade Commission (FTC) , International Data Transfers , Personal Data , Personally Identifiable Information , Privacy Certification , Privacy Policy

2019 is the Year of . . . CCPA?

Everyone who has been paying attention to privacy news knows that January 1, 2020 is the implementation date of the California Consumer Protection Act, and July 1, 2020 is the current deadline for enforcement to begin. July...more

1/9/2019  /  Consumer Protection Act , Data Collection , Data Privacy , Data Processors , Data Protection , Data Security , Data Use Policies

US Breach Laws Are Coming: Vermont

On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal...more

12/24/2018  /  Cybersecurity , Data Breach , Data Brokers , Data Collection , Data Protection , Data Security , Disclosure Requirements , Encryption , Good Faith , New Legislation , Notice Requirements , Opt-Outs , Personal Data , Personally Identifiable Information , Registration Requirement , State Data Breach Notification Statutes

US Breach Laws Are Coming: South Carolina

In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance...more

12/20/2018  /  Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Incident Response Plans , Insurance Industry , National Association of Insurance Commissioners , New Legislation , Notification Requirements , Risk Assessment , State Data Breach Notification Statutes

UK Regulator Issues Guidance About Encryption Under GDPR

The UK Information Commissioner’s Office recently released helpful encryption guidance. Although released to address the GDPR security requirements, this document may be helpful more broadly because of the detail around...more

12/14/2018  /  Cybersecurity , Data Privacy , Data Protection , Data Security , Encryption , General Data Protection Regulation (GDPR) , Information Commissioner's Office (ICO) , New Guidance , Popular , UK

US Breach Laws Are Coming: Iowa

As we approach 2019, companies will want to keep in mind the changes that are coming to various US states’ breach notice laws. On January 1, 2019 Iowa’s law, which has already been amended twice since it was passed in 2008,...more

12/13/2018  /  Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Encryption , Exemptions , Health Insurance Portability and Accountability Act (HIPAA) , Notification Requirements , State Attorneys General , State Data Breach Notification Statutes

FTC Cyber Guidance for Small Business has Tips Helpful to All

The Federal Trade Commission recently issued a cyber guide that, while intended for small businesses, can be of help for all businesses. The purpose of the guide, which includes various modules, is to help smaller businesses...more

11/13/2018  /  Cyber Insurance , Cyber Threats , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Federal Trade Commission (FTC) , New Guidance , Phishing Scams , Popular , Risk Mitigation , Small Business , Vendor Contacts

Ohio Gives Breach Safe Harbor for Companies with Written Data Security Program

Effective November 2, 2018, companies that suffer a breach may have certain defenses in Ohio if they have a written cybersecurity program in place. Under this new law, companies can use as an affirmative defense the existence...more

10/30/2018  /  Affirmative Defenses , Confidential Information , Cyber Threats , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Gramm-Leach-Blilely Act , Health Insurance Portability and Accountability Act (HIPAA) , New Legislation , NIST , Policies and Procedures , Popular , Safe Harbors , Security Controls , State Data Breach Notification Statutes

DealerBuilt Settles with New Jersey Over Data Breach

The New Jersey attorney general recently announced its settlement with software company LightYear Dealer Technologies, LLC- doing business as DealerBuilt- over a 2016 data breach. The company provides its clients, car...more

10/30/2018  /  Car Dealerships , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Personally Identifiable Information , Settlement , Software

SEC Issues $1 Million Identity Theft Rule Fine

The Securities and Exchange Commission recently settled with Voya Financial Advisors, Inc. for alleged violation of Regulation S-ID (otherwise known as the Identity Theft Red Flags Rule) and Regulation S-P (otherwise known as...more

10/23/2018  /  Bad Actors , Broker-Dealer , Customer Information , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Enforcement Actions , Fines , Identity Theft , Identity Theft Prevention Program , Identity Theft Red Flags Rule , Investment Adviser , Passwords , Personally Identifiable Information , Policies and Procedures , Regulation S-ID , Regulation S-P , Safeguards Rule , Securities and Exchange Commission (SEC)
117 Results
 / 
View per page
« Previous
Page: of 5

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide