The new Colorado Privacy Act (CPA) will take effect on July 1, 2023, requiring companies that operate within the state to comply with heightened privacy requirements. Colorado joins several other states with comprehensive...more
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, providing rights and protections to California consumers regarding their personal information and how it may be processed by certain businesses....more
The surge in new health apps and connected devices, which only increased during the pandemic, continues to raise many legal and ethical questions. As a result, lawmakers have been scrambling to define the obligations...more
10/13/2021
/ Breach Notification Rule ,
Connected Items ,
Data Breach ,
Data Collection ,
Data Protection ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Devices ,
Mobile Apps ,
Patient Privacy Rights ,
Personally Identifiable Information ,
Policy Statement ,
Popular ,
Regulatory Requirements
Since the implementation of the EU’s General Data Protection Regulation (GDPR), the European Commission’s (EC) approved Standard Contractual Clauses (SCC) have been vital to the transfer of personal data to third countries...more
If the past two years of ramping up compliance for the California Consumer Privacy Act (CCPA) wasn't fun enough, businesses have new compliance challenges ahead in the next couple of years. This past November, California...more
1/22/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Popular
In a decision issued on July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield Framework, one of the primary tools used by companies in the European Union (EU) to transfer...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In mid-March, California Attorney General Xavier Becerra released the third set of California Consumer Privacy Act (CCPA) draft regulations. Around the same time, a number of business and trade organizations pleaded with the...more
4/6/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Businesses subject to the California Consumer Privacy Act (CCPA) have found themselves in an odd position with respect to their compliance efforts. The CCPA was effective on January 1, 2020 but enforcement will not begin...more
2/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Management ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework...more
1/24/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Privacy ,
Data Protection ,
Data Security ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
NIST ,
Personal Data ,
Popular ,
Privacy Act of 1974 ,
Risk Management
Banks and other financial institutions rely on a relatively small number of core service providers to process customer personal and financial information. The National Association of Federally-Insured Credit Unions (NAFCU)...more
8/31/2018
/ Banking Sector ,
Data Breach ,
Data Protection ,
Digital Service Providers ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Interagency Guidance ,
Internet ,
Notification Requirements ,
Personal Data ,
State Data Breach Notification Statutes ,
Third-Party Service Provider ,
Vulnerability Assessments ,
Websites
On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (CCPA), which provides what is arguably the most restrictive privacy law in the U.S. and would likely have some effect on most businesses across...more
7/3/2018
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
Companies that routinely collect or process data of European Union residents have likely spent the past couple of years preparing for May 25, 2018. ...more
As children's activities on the Internet have expanded, many states and the federal government have enacted legislation to regulate such activities and other "smart" children’s products—products that collect, transmit or...more