The Privacy Insider Podcast Episode 11: Signal and Noise: The New Administration, Privacy, and Our Digital Rights with Cindy Cohn of Electronic Frontier Foundation
Digital Planning Podcast - Interview With Leeza Garber
Compliance into the Weeds-Episode 39, Disclosure of Ransomware Attacks
Your Cyber Minute: Compliance with the Proposed NYDFS Cybersecurity Regulation
Safeguards against Data Security Breaches (Part One)
While corporate leaders often view cybersecurity as a technical challenge, contributing author Phil Favro illustrates the legal and organizational dimensions of cybersecurity in this recent article. Favro emphasizes that...more
On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing...more
The Colonial Pipeline ransomware attack was the largest in the energy sector to date, and with cybercrimes up 100% from 2019 to 2020 this is only the beginning for 2021. Many organizations are taking on a digital...more
In McMorris v. Carlos Lopez & Associates, LLC, a data breach case, the Second Circuit held that plaintiffs may demonstrate standing based on a theory of “increased risk” of future identity theft or fraud following an...more
On July 27, 2020, the U.S. Department of Health and Human Services (HHS) announced that it reached a settlement with a Rhode Island nonprofit health system related to the theft of an unencrypted laptop containing its...more
The current COVID-19 pandemic has forced many businesses online in order to survive. In many cases, businesses had no plans to be online. Others were forced to move online more quickly than planned. In order to assist these...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
October is National Cybersecurity Awareness Month (NCAM). NCAM serves as a timely reminder to continue to assess and improve organizational cybersecurity. In honor of NCAM, here are five fundamental steps that every...more
James Grago has a nice business going. He runs a website called ClixSense.com that permits users to earn money by completing surveys and watching advertisements. Revenues grew from $6.7 million in 2015 to $9.1 million in...more
Alright. So, you’ve battened down the hatches of your company’s premises, to protect your employees and your information. Employees are required to create secret computer passwords they’re not to share with anyone, even...more
In a set of recent settlements, the Federal Trade Commission (the FTC or Commission) resolved charges against two companies, ClixSense and D-Link, for failing to provide reasonable security and to live up to their data...more
The Federal Trade Commission (FTC) recently released updated data security guidance in connection with a proposed settlement with LightYear Dealer Technologies, LLC (dba DealerBuilt), a service provider for the auto dealer...more
In early June, the Cyberspace Administration of China released for public comment new draft regulations applicable to the collection of personal information relating to children under 14 by online service providers. The...more
California’s San Diego Unified School District recently disclosed that it had sustained a data breach when multiple phishing emails from malicious hackers were used to gather login information of staff members throughout the...more
Going Deep on the California Consumer Privacy Act - The California Consumer Privacy Act (CCPA) has been called the beginning of America’s GDPR. As the most comprehensive privacy law in the United States, entities doing...more
On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal...more
In the first fine issued by a German data protection authority under the European General Data Protection Regulation (“GDPR”), on 21 November 2018 the authority of the German state of Baden-Württemberg (“LfDI”) imposed a fine...more
All U.S states have laws about data security and what to do when there’s a data breach. Here is what’s in the Arizona law. Who The Law Applies To. The law applies to anyone who conducts business in Arizona and who owns or...more
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights. • The CCPA creates a private right of action for California...more
On Thursday, June 28, 2018, the California Consumer Privacy Act of 2018 (the Act) passed with resounding support from both Republicans and Democrats, who voted in favor of the bill 73-0-7 in the Assembly and 38-0-3 in the...more
The California Consumer Privacy Act of 2018 (“CCPA”) offers a new, very broad framework for data protection with increased obligations for businesses, and its reach is far and wide. It was passed in a whirlwind seven days. On...more
Due to some last-minute bargaining between state lawmakers and proponents of a controversial data privacy initiative, California businesses will soon need to prepare to comply with a new state measure designed to protect...more
Continuing a trend in the last few years, in 2017, eight states amended their security breach notification laws to expand definitions of “personal information”, specify the timeframe in which notification must be provided,...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
Are you doing business in Tennessee? Do you have computerized personal information about anyone in Tennessee (including employees, clients, or customers)? Are you encrypting that data in accordance with the current version of...more