Data Privacy & Cybersecurity PracticeAs discussed throughout this series, the passage of the California Privacy Rights Act (CPRA) will change the privacy landscape in California and impact the compliance efforts of businesses serving California consumers. In addition to expansion of the rights promised to consumers under the California Consumer Privacy Act (CCPA), this seventh installment in our series discusses the new penalties and enforcement mechanisms for subject businesses created by passage of the CPRA on November 3, 2020.
Read more »Tag: data privacy
-
CCPA 2.0 and the Changing Privacy Landscape, Part VII: Penalties and Enforcement Mechanisms Posted on: June 02, 2021 In: Data Privacy & Cybersecurity
-
CCPA 2.0 and the Changing Privacy Landscape, Part VI: CPRA’s Impact On Service Providers, Contractors, and Third Parties Posted on: April 05, 2021 In: Data Privacy & CybersecurityAs detailed in our ongoing series, the passage of the California Privacy Rights Act (CPRA) promises to drastically change the privacy landscape in the Golden State, and affect the privacy compliance efforts of many businesses that service customers in California.
Read more »
-
ALERT: Microsoft Exchange Vulnerabilities Used to Deploy Ransomware Posted on: March 15, 2021 In: Data Privacy & CybersecurityOn March 11, 2021, Microsoft acknowledged that the recently disclosed Microsoft Exchange vulnerabilities were being used to facilitate ransomware attacks. The four vulnerabilities – known as vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 – have been exploited by attackers to compromise systems beyond the Exchange server.
Read more »
-
Breach Notification Requirements Proposed for Banks Posted on: March 09, 2021 In: Data Privacy & CybersecurityOn January 12, 2021, the Office of Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Company, and the Office of Thrift Supervision published a proposed rule that would substantially enhance banking organizations’ notification obligations in response to data security incidents. It would require a banking organization to provide its primary federal regulator with prompt notification of any “computer-security incident” that rises to the level of a “notification incident.”
Read more »
-
ALERT: Zero-Day Vulnerabilities Being Exploited to Attack On-Premises Microsoft Exchange Servers Posted on: March 04, 2021 In: Data Privacy & CybersecurityOn March 2, 2021, Microsoft released a new patch to address four zero-day exploits being used to attack on-premises Microsoft Exchange Servers. The United States Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) has urged vulnerable businesses to read Microsoft’s update and apply patches to their systems as necessary.
Read more »
-
Virginia’s Consumer Data Protection Act: Not Quite The CCPA Posted on: March 02, 2021 In: Data Privacy & CybersecurityThough it seems Virginia is following California’s lead by becoming the second state with its own comprehensive data privacy legislation, Virginia’s Consumer Data Protection Act (CDPA) diverges from the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) in that it is far more business-friendly and does not have the “teeth” that the CCPA does.
Read more »
-
Canada Introduces Legislation to Revamp Federal Privacy Landscape Posted on: February 16, 2021 In: Data Privacy & CybersecurityThe Canadian House of Commons introduced draft legislation that, if enacted, would align federal Canadian privacy law with the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The draft legislation, titled the Consumer Privacy Protection Act (CPPA), proposes significant advancements to the current legal regime governing personal data.
Read more »
-
Top Five Cybersecurity Suggestions for 2021 Posted on: February 12, 2021 In: Data Privacy & CybersecurityAs hard as it is to believe, we are already more than a month into 2021 – and our Data Privacy & Cybersecurity Team is well on its way to managing over 2,000 data security incidents this year. It serves as an important reminder that a few cybersecurity suggestions can have a big impact as we embrace the months to come. The following are our top five suggestions to enhance the security of your network, detect intruders more quickly, and reduce the scope and expense of data security events this year.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part V: New & Expanded Consumer Rights Posted on: February 08, 2021 In: Data Privacy & CybersecurityThe newly-passed California Privacy Rights Act (CPRA) includes additional and expanded consumer rights not currently existing under the California Consumer Privacy Act (CCPA). This fifth installment in our series about the changes to the CCPA brought by the CPRA focuses on consumers’ new rights of correction and access to certain personal information and revisions to certain existing consumer rights in the CCPA, including rights to know (and access), deletion, non-discrimination, and rights for minors.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part IV: Data Minimization & Retention Posted on: January 26, 2021 In: Data Privacy & CybersecurityThe fourth installment in our ongoing series about changes to the California Consumer Privacy Act (CCPA) focuses on the new data minimization and data retention requirements for subject businesses created by the passage of the California Privacy Rights Act (CPRA) on November 3, 2020. These provisions also obligate subject entities to implement business-wide internal policy changes to accommodate the possible need to change their data collection and retention policies before the CPRA is fully operative.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part II: CPRA’s Covered “Businesses” & Exemptions Posted on: December 29, 2020 In: Data Privacy & CybersecurityCalifornia voters’ approval of the California Privacy Rights Act (CPRA), a privacy ballot initiative that amends and expands the California Consumer Privacy Act (CCPA), is a significant development in the U.S. privacy world. In this second installment of our Digital Insights series on the major changes effected by the CPRA, we discuss what qualifies as a regulated "business" under the Act, and what data exemptions exist.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape: CPRA’s Definition and Treatment of “Sensitive Personal Information” Posted on: December 23, 2020 In: Data Privacy & CybersecurityOn November 3, 2020, Californians approved Proposition 24, a ballot measure creating the California Privacy Rights Act (CPRA), which amends and expands the provisions and requirements of the California Consumer Privacy Act (CCPA). In this Digital Insights series on the CPRA, we will highlight and detail some of the most substantive and important modifications the new law will impose on the CCPA, and what those changes mean to businesses subject to California’s ever-evolving privacy regime.
Read more »
Blog Search
Featured Posts
- June 11, 2021 Using Artificial Intelligence to Track Growing Remote Workforce and Related Litigation Implications
- June 07, 2021 Backup, Separate, & Secure: White House Cyber Recommendations Reach the Private Sector
- June 02, 2021 How to Protect Your Investment in Employees in a Tight Labor Market
- March 29, 2021 Complaint Itself Cannot Meet Knowledge Requirement For Indirect & Willfulness Claims, Says Delaware District Court
Blog Tags
alabama
arkansas
audit
bank secrecy act
biometric data
breach notification
california
canada
ccpa
client notification
colorado
congress
connecticut
consumer notification
consumer rights
coronavirus
covid-19
cpra
cryptocurrency
cyber insurance
cybersecurity
cyber threat
data breach
data privacy
data protection officer
data security
delaware
department of commerce
email
employment
equifax
eu
eu-u.s. privacy shield
european union
executive order
fbi
fcra
federal trade commission
fincen
fraud
ftc
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
human resources
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
managed service providers
maryland
massachusetts
microsoft
microsoft exchange servers
microsoft office 365
multi-factor authentication
multi-factor identification
net neutrality
new jersey
new mexico
new york
ninth circuit
nist
nist security controls
nydfs
ofac
opt out
patient information
personal data
personal information
phishing
privacy settings
protected health information
ransomware
rdp
regulations
service provider agreement
social engineering
social media
social security
soppa
statute
supreme court
tax returns
tennessee
utah
video-teleconferencing
virginia
w2
washington
websites
workplace policy
zoom