Data Privacy & Cybersecurity PracticeOn March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, which amends sections of Chapter 62 of the Vermont Statutes Annotated - “Protection of Personal Information” - including Sections 2430, 2435, and 2454. The bill also adds Section 2443 to the chapter, which governs the privacy of student information belonging to preschool, kindergarten, elementary, and secondary school students.
Read more »Tag: personal data
-
Legislative Alert: Vermont Expands Definition of Personal Information and Enacts Protections for Student Privacy and Automatic Subscription Renewals Posted on: March 19, 2020 In: Data Privacy & Cybersecurity
-
Washington State Data Breach Notification Statute Updates Go Into Effect, Imposing New Requirements on Businesses Posted on: March 17, 2020 In: Data Privacy & CybersecurityEffective March 1, 2020, amendments to the Washington State data breach notification statute made the law significantly more onerous for companies dealing with data security incidents. The amendments, which we first covered in May 2019, expanded the definition of personal information, shortened the deadlines for notification, and imposed additional requirements for notice contents.
Read more »
-
Ransomware and the Paramount Importance of Evidence Preservation for Healthcare Entities Posted on: March 10, 2020 In: Data Privacy & CybersecurityOrganizations regulated by the Healthcare Information Privacy and Accountability Act (HIPAA) must take special care to preserve valuable forensic artifacts at the outset of a ransomware or other cybersecurity event. The HIPAA Breach Notification Rule presumes a cybersecurity incident has resulted in unauthorized access to unsecured protected health information and the burden shifts to the organization to show a low probability of the compromise of the health information it maintains.
Read more »
-
Legislative Alert: California Expands Definition of Personal Information Posted on: November 01, 2019 In: Data Privacy & CybersecurityOn October 11, 2019, California Governor Gavin Newsom signed into law Assembly Bill 1130, which amends The Information Practices Act of 1977, as well as California Civil Code §§ 1798.29, 1798.81.5 and 1798.82. The bill expands the definition of “personal information” under the California data breach notification statutes applicable to businesses and to government agencies.
Read more »
-
CCPA’s Final Requirements in Flux, with Six Months to Go to Comply - Part 3 of 3: Trends and Planning – What it All Means Posted on: June 07, 2019 In: Data Privacy & CybersecurityOn June 28, 2018, the state of California enacted and then-Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law. The CCPA is a robust piece of legislation that substantially expanded the privacy rights of California residents regarding the collection, use, sale, and disclosure of their personal information by certain for-profit businesses that operate or do business in California. The final installment of this three-part series will cover trends and planning.
Read more »
-
CCPA’s Final Requirements in Flux, with Six Months to Go to Comply - Part 2 of 3: General Observations on Pending Amendments to the CCPA Posted on: June 05, 2019 In: Data Privacy & CybersecurityOn June 28, 2018, the state of California enacted and then-Governor Jerry Brown signed the California Consumer Privacy Act (“CCPA”) into law. The CCPA is a robust piece of legislation that substantially expanded the privacy rights of California residents regarding the collection, use, sale, and disclosure of their personal information by certain for-profit businesses that operate or do business in California. Part 2 of this three-part series will look at pending amendments to the CCPA.
Read more »
-
CCPA’s Final Requirements in Flux, with Six Months to Go to Comply - Part 1 of 3: Where Does the Law Stand Now? Posted on: June 03, 2019 In: Data Privacy & CybersecurityOn June 28, 2018, the state of California enacted and then-Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law. The CCPA is a robust piece of legislation that substantially expanded the privacy rights of California residents regarding the collection, use, sale, and disclosure of their personal information by certain for-profit businesses that operate or do business in California. Part 1 of this three-part series will examine the current state of the law.
Read more »
-
HIPAA Breach Reporting: Focus on Remediation in Responding to an HHS/OCR Investigation Posted on: February 25, 2019 In: Data Privacy & CybersecurityLast year was another banner year for HIPAA data breaches reported to the Department of Human Services Office of Civil Rights (HHS/OCR), and the reporting period hasn’t yet closed, as organizations experiencing breaches affecting fewer than 500 individuals have until 60 days after the end of the calendar year in which the breach occurred to make the report.
Read more »
-
Massachusetts Amends Data Breach Law Notice Requirements, Mandates Credit Monitoring Services Posted on: January 24, 2019 In: Data Privacy & CybersecurityMassachusetts recently updated its breach notification statute, requiring an organization to provide additional services for individuals and greater disclosures to state regulators when a data breach occurs. The changes go into effect on April 10, 2019
Read more »
-
Modlishka – Exploiting Two-Factor Authentication Posted on: January 22, 2019 In: Data Privacy & CybersecurityTwo-factor authentication (2FA) is a commonly used means of securing access to website accounts through easily understood login procedures. Once the user provides the required information, whether a password or site generated code, a session cookie is generated and a secure session is established between the user and the site. But what if an unauthorized person eavesdrops and collects the 2FA information or session cookie?
Read more »
-
Cybersecurity Resolutions for 2019 Posted on: December 28, 2018 In: Data Privacy & CybersecurityA new year is upon us, which means people across the world will resolve to exercise more, eat healthier, eliminate financial debt and, most importantly, enhance their cybersecurity over the coming year. More than the typical New Year’s resolutions, improving your individual and corporate cybersecurity defenses can be easier to achieve and sustain. With that in mind, here are a few cybersecurity resolutions to add to your new year’s list, and a few tips for achieving them in 2019.
Read more »
-
California Enacts Sweeping, EU-Style Privacy Law Posted on: July 06, 2018 In: Data Privacy & CybersecurityOn June 28, 2018, California Governor Jerry Brown signed A.B. 375 into law, a robust bill that provides substantially broader privacy rights to California consumers regarding how certain businesses can collect, use, sell, and disclose their personal information. The new law requires such businesses to be more transparent in their data collection and sharing practices.
Read more »
Blog Search
Featured Posts
- March 20, 2020 OCR Announces HIPAA Telehealth Security Waiver in Response to COVID-19 Pandemic
- March 13, 2020 ALERT: COVID-19 / Coronavirus-Related Ransomware and Phishing Attacks
- March 12, 2020 Colorado Temporarily Requires Employers to Provide Sick Leave While Awaiting COVID-19 Testing
- February 13, 2020 Coronavirus – Employers, Be Smart! Be Prepared!
Blog Tags
alabama
arkansas
audit
biometric data
breach notification
california
ccpa
checklist
client notification
colorado
congress
consumer notification
coronavirus
covid19
credit reporting
cryptocurrency
cybersecurity
cyber threat
data breach
data map
data privacy
data privacy directive
data protection officer
data security
delaware
department of commerce
email
employment
equifax
ethereum
ethics
eu
eu-u.s. data privacy shield
eu-u.s. privacy shield
european union
fbi
fcra
federal communication
federal trade commission
financial firms
financial fraud kill chain
fincen
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
human resources
identity theft
illinois
incidence response plan
incident response planning
information security
insider attacks
internet crime
investigations
irs
legislative alert
malware
managed service providers
maryland
massachusetts
microsoft office 365
multi-factor identification
net neutrality
new jersey
new mexico
new york
ninth circuit
nist security controls
nydfs
ocabr
patching
personal data
personal information
phishing
privacy act
privacy settings
ransomware
rdp
regulations
remote desktop protocol
scams
school
security posture assessment
service provider agreement
social engineering
social media
soppa
spear-phishing
statute
supreme court
tax returns
tennessee
utah
virginia
w2
washington
workplace policy