On July 7, Colorado joined California and Virginia as the third state to pass comprehensive consumer privacy legislation. All three states have new privacy laws with effective dates in 2023 (though California’s Privacy Rights...more
The New York State Department of Financial Services (DFS) is continuing its focus on financial institutions’ cybersecurity, issuing new guidance, probing cybersecurity as part of routine examinations, and signaling increased...more
On June 2, 2021, President Biden issued a memorandum providing "recommended best practices" for protecting against ransomware. The memorandum urged corporate executives and business leaders to...more
It’s a hot spring for state privacy legislation. Privacy bills are pending in roughly 20 states, and while Gramm-Leach-Bliley Act (GLBA) exemptions may act as a cool breeze in some, issues remain...more
Florida recently joined a small but growing number of states considering sweeping reforms to their data privacy and protection laws. House bill 969, titled “Consumer Data Privacy,” in many ways mirrors the California Consumer...more
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, and brought with it a panoply of new legal obligations for many companies doing business with California residents. ...more
6/19/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government
There has been no lack of new guidance regarding health care cybersecurity in recent weeks. But the American Medical Association’s (AMA) newly released “Privacy Principles” is unique in its aim at entities involved in health...more
After a brief hiatus due to COVID-19, the NAIC’s Privacy Working Group returned to work on May 5 discussing comments received on the working group’s markup of the NAIC Insurance Information and Privacy Protection Model Act...more
As we’ve previously reported, COVID-19 has caused a surge in telehealth and has temporarily reduced the HIPAA Security Rule requirements placed on telehealth service providers. ...more
Last week, the American Medical Association (AMA) and the American Hospital Association (AHA), recognizing the increased cybersecurity threats facing health care providers, issued joint guidance for physicians working from...more
4/23/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Health Care Providers ,
Information Governance ,
PHI ,
Phishing Scams ,
Popular ,
Risk Management ,
Vulnerability Assessments
The level of attention that the SEC’s Office of Compliance Inspections and Examinations has been giving to cybersecurity issues can hardly be overstated. ...more
Recognizing that the NAIC’s model consumer data privacy laws have not been revised since 2017, the NAIC Privacy Protections Working Group (Privacy WG) is dusting off the NAIC Insurance Information and Privacy Protection Model...more
COVID-19 spurred an overnight surge in demand for work-from-home vendors. These include companies offering audio and videoconferencing services, cloud services, e-commerce platforms, and virtual desktop infrastructure, to...more
4/5/2020
/ California Consumer Privacy Act (CCPA) ,
Contract Peformance ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Security ,
Force Majeure Clause ,
General Data Protection Regulation (GDPR) ,
Privacy Policy ,
Telecommuting ,
Vendor Contacts
For many people and organizations, COVID-19 caused a rapid transition to remote learning and working; for hackers and other bad actors, it has created new opportunities. Whether by virtue of a remote and distracted workforce,...more
It starts inconspicuously enough with an email. You’re busy, so without thinking, you quickly open it and view the attachment. You may have just compromised the security of your entire company and the privacy of every...more
2/5/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Hackers ,
Personally Identifiable Information ,
Ransomware ,
Risk Management
Florida lawmakers have proposed data privacy legislation that, if adopted, would impose significant new obligations on companies offering a website or online service to Florida residents, including allowing consumers to “opt...more
1/15/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Governance ,
Legislative Agendas ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Privacy Policy ,
Proposed Legislation ,
Proposed Regulation ,
Regulatory Agenda ,
Risk Management ,
Rulemaking Process ,
State and Local Government ,
Websites