Employee security awareness training is a best practice and a “reasonable safeguard” for protecting the privacy and security of an organization’s sensitive data. The list of data privacy and cybersecurity laws mandating...more
2/19/2025
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employee Training ,
EU ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Privacy Laws ,
Wage and Hour ,
WISP
Cross Border Transfers of Data.
UK Data Transfers. The UK government has published a U.S. “adequacy decision” which permits U.S. organizations that have certified to the EU-US Data Privacy Framework (DPF) and UK Extension...more
11/6/2023
/ California Consumer Privacy Act (CCPA) ,
Canada ,
Cross-Border ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
Form 10-K ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Personal Information Protection Law (PIPL) ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
UK
As Cybersecurity Awareness Month wraps up, it’s worth mentioning that employee security awareness training is an ongoing process. Employee error remains a significant contributing factor in data breaches. According to the...more
There are numerous cybersecurity regulations and requirements for businesses to worry about but they may not be considering their cybersecurity regulations under privacy statutes. California was at the forefront of privacy...more
This year, Indiana joined several other states to pass a comprehensive consumer privacy law, that becomes operative on January 1, 2026. Like other consumer privacy laws, Indiana’s law requires businesses to establish...more
June 9th marked the deadline for financial institutions, including certain non-banking institutions that collect or maintain sensitive customer information (e.g., car dealerships), to implement a comprehensive information...more
6/15/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Breach Notification Rule ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Employee Training ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
International Data Transfers ,
Personal Information ,
Solicitation
While the California Privacy Protection Agency (CPPA) only recently approved revised amended regulations pertaining to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), it is already on...more
To celebrate Data Privacy Day, we present our top ten data privacy and cybersecurity predictions for 2023.
1. Healthcare and Medical Data Security and Tracking-
The healthcare industry has been facing increased scrutiny...more
1/27/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employee Monitoring ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Popular ,
State Privacy Laws
Healthcare companies continue to face increased risks of ransomware attacks on their operations. According to the recently released BD Cybersecurity Annual Report for 2021, such attacks are also increasingly sophisticated....more
2/16/2022
/ Breach Notification Rule ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
FBI ,
Healthcare Facilities ,
Incident Response Plans ,
Popular ,
Ransomware ,
Risk Assessment ,
Risk Management ,
U.S. Treasury
The SolarWinds hack highlights the critical need for organizations of all sizes to include cyber supply chain risk management as part of their information security program. It is also a reminder that privacy and security...more
5/7/2021
/ CDPA ,
Contact Tracing ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Risk Management ,
SolarWinds ,
Third-Party ,
Vendors
For the past several years, thousands of businesses have been hit with phishing scams during tax season. Through these social engineering scams, hackers obtain employee Forms W-2 for filing fraudulent tax returns seeking...more
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021...more
1/28/2021
/ Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
ATDS ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
OCR ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
TCPA
Over the past few months, businesses across the country have been focused on the California Consumer Privacy Act (CCPA) which dramatically expands privacy rights for California residents and provides a strong incentive for...more
Several weeks ago, we published a CCPA FAQS on Cookies, which provides a high-level look at how the impending CCPA may apply to website cookies. The CCPA’s definition of personal information is expansive, and in preparation...more
The California Consumer Privacy Act takes effect January 1, 2020. Businesses within the scope of the CCPA are taking steps to prepare, including drafting notices to inform California consumers of their right to opt out of the...more
The California Consumer Privacy Act is almost here! The groundbreaking law takes effect January 1, 2020. Covered businesses and their service providers have already started preparing, as the CCPA continues to evolve since it...more
9/17/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Newsom ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Right to Delete
The California Consumer Privacy Act (CCPA), considered the most expansive U.S. privacy laws to date, is set to take effect January 1, 2020. In short, the CCPA places limitations on the collection and sale of a consumer’s...more
8/14/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
Privacy Laws ,
Private Right of Action
New York has enacted the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) to amend the state’s data breach notification law to impose more expansive data security and data breach notification requirements on...more
On Thursday, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), sponsored by Senator Kevin Thomas and Assemblymember Michael DenDekker. The SHIELD Act, which...more
The GDPR is wrapping up its first year and moving full steam ahead. This principles-based regulation has had a global impact on organizations as well as individuals. While there continue to be many questions about its...more
As wearable and analytics technology continues to explode, professional sports leagues, such as the NFL, have aggressively pushed into this field. (See Bloomberg). NFL teams insert tiny chips into players shoulder pads to...more
New Jersey has joined a growing list of states considering legislation on data privacy to promote transparency, accountability, and individual choice. One bill would create new obligations for commercial entities whose online...more
In honor of Data Privacy Day (Data Protection Day in Europe), the European Commission (“the Commission”) released a statement on the status of the EU’s General Data Protection Regulation (“GDPR”) which took effect on May 25,...more
Data privacy and security regulation is growing rapidly around the world, including in the United States. In addition to strengthening the requirements to secure personal data, individuals are being given an increasing array...more
1/29/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Right to Delete
On September 23, 2018, Governor Jerry Brown signed into law SB-1121 amending certain provisions of the California Consumer Privacy Act of 2018 (CCPA) which was enacted in June of this year. As we reported previously, CCPA...more