As discussed throughout this series, the passage of the California Privacy Rights Act (CPRA) will change the privacy landscape in California and impact the compliance efforts of businesses serving California consumers. In addition to expansion of the rights promised to consumers under the California Consumer Privacy Act (CCPA), this seventh installment in our series discusses the new penalties and enforcement mechanisms for subject businesses created by passage of the CPRA on November 3, 2020.
Read more »Tag: data privacy
-
CCPA 2.0 and the Changing Privacy Landscape, Part VII: Penalties and Enforcement Mechanisms Posted on: June 02, 2021 In: Data Privacy & Cybersecurity
-
CCPA 2.0 and the Changing Privacy Landscape, Part VI: CPRA’s Impact On Service Providers, Contractors, and Third Parties Posted on: April 05, 2021 In: Data Privacy & Cybersecurity
As detailed in our ongoing series, the passage of the California Privacy Rights Act (CPRA) promises to drastically change the privacy landscape in the Golden State, and affect the privacy compliance efforts of many businesses that service customers in California.
Read more »
-
ALERT: Microsoft Exchange Vulnerabilities Used to Deploy Ransomware Posted on: March 15, 2021 In: Data Privacy & Cybersecurity
On March 11, 2021, Microsoft acknowledged that the recently disclosed Microsoft Exchange vulnerabilities were being used to facilitate ransomware attacks. The four vulnerabilities – known as vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 – have been exploited by attackers to compromise systems beyond the Exchange server.
Read more »
-
Breach Notification Requirements Proposed for Banks Posted on: March 09, 2021 In: Data Privacy & Cybersecurity
On January 12, 2021, the Office of Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Company, and the Office of Thrift Supervision published a proposed rule that would substantially enhance banking organizations’ notification obligations in response to data security incidents. It would require a banking organization to provide its primary federal regulator with prompt notification of any “computer-security incident” that rises to the level of a “notification incident.”
Read more »
-
ALERT: Zero-Day Vulnerabilities Being Exploited to Attack On-Premises Microsoft Exchange Servers Posted on: March 04, 2021 In: Data Privacy & Cybersecurity
On March 2, 2021, Microsoft released a new patch to address four zero-day exploits being used to attack on-premises Microsoft Exchange Servers. The United States Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) has urged vulnerable businesses to read Microsoft’s update and apply patches to their systems as necessary.
Read more »
-
Virginia’s Consumer Data Protection Act: Not Quite The CCPA Posted on: March 02, 2021 In: Data Privacy & Cybersecurity
Though it seems Virginia is following California’s lead by becoming the second state with its own comprehensive data privacy legislation, Virginia’s Consumer Data Protection Act (CDPA) diverges from the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) in that it is far more business-friendly and does not have the “teeth” that the CCPA does.
Read more »
-
Canada Introduces Legislation to Revamp Federal Privacy Landscape Posted on: February 16, 2021 In: Data Privacy & Cybersecurity
The Canadian House of Commons introduced draft legislation that, if enacted, would align federal Canadian privacy law with the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The draft legislation, titled the Consumer Privacy Protection Act (CPPA), proposes significant advancements to the current legal regime governing personal data.
Read more »
-
Top Five Cybersecurity Suggestions for 2021 Posted on: February 12, 2021 In: Data Privacy & Cybersecurity
As hard as it is to believe, we are already more than a month into 2021 – and our Data Privacy & Cybersecurity Team is well on its way to managing over 2,000 data security incidents this year. It serves as an important reminder that a few cybersecurity suggestions can have a big impact as we embrace the months to come. The following are our top five suggestions to enhance the security of your network, detect intruders more quickly, and reduce the scope and expense of data security events this year.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part V: New & Expanded Consumer Rights Posted on: February 08, 2021 In: Data Privacy & Cybersecurity
The newly-passed California Privacy Rights Act (CPRA) includes additional and expanded consumer rights not currently existing under the California Consumer Privacy Act (CCPA). This fifth installment in our series about the changes to the CCPA brought by the CPRA focuses on consumers’ new rights of correction and access to certain personal information and revisions to certain existing consumer rights in the CCPA, including rights to know (and access), deletion, non-discrimination, and rights for minors.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part IV: Data Minimization & Retention Posted on: January 26, 2021 In: Data Privacy & Cybersecurity
The fourth installment in our ongoing series about changes to the California Consumer Privacy Act (CCPA) focuses on the new data minimization and data retention requirements for subject businesses created by the passage of the California Privacy Rights Act (CPRA) on November 3, 2020. These provisions also obligate subject entities to implement business-wide internal policy changes to accommodate the possible need to change their data collection and retention policies before the CPRA is fully operative.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part II: CPRA’s Covered “Businesses” & Exemptions Posted on: December 29, 2020 In: Data Privacy & Cybersecurity
California voters’ approval of the California Privacy Rights Act (CPRA), a privacy ballot initiative that amends and expands the California Consumer Privacy Act (CCPA), is a significant development in the U.S. privacy world. In this second installment of our Digital Insights series on the major changes effected by the CPRA, we discuss what qualifies as a regulated "business" under the Act, and what data exemptions exist.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape: CPRA’s Definition and Treatment of “Sensitive Personal Information” Posted on: December 23, 2020 In: Data Privacy & Cybersecurity
On November 3, 2020, Californians approved Proposition 24, a ballot measure creating the California Privacy Rights Act (CPRA), which amends and expands the provisions and requirements of the California Consumer Privacy Act (CCPA). In this Digital Insights series on the CPRA, we will highlight and detail some of the most substantive and important modifications the new law will impose on the CCPA, and what those changes mean to businesses subject to California’s ever-evolving privacy regime.
Read more »