Data Privacy & Cybersecurity PracticeOn December 22, 2021, New York Governor Kathy Hochul signed into law New York Senate Bill 7019, amending New York State Technology Law § 209 in an effort to remedy the miscommunications between various state agencies regarding notices of data breaches. The law now requires the Office of Information Technology Services to take certain steps when it discovers a data breach or network security breach. We discuss the background and details of the new law in this post.
Read more »Tag: personal information
-
Recent Amendment to New York State Technology Law Demonstrates Rapid Evolution of Privacy Laws Posted on: December 29, 2021 In: Data Privacy & Cybersecurity
-
China’s Personal Information Protection Law Brings Heightened Data Privacy Regulation to the People’s Republic Posted on: August 27, 2021 In: Data Privacy & CybersecurityOn August 20, 2021, at the closing meeting of China’s National People’s Conference Standing Committee in Beijing, lawmakers approved the Personal Information Protection Law (PIPL). The PIPL legislates for the protection of personal information and will take effect on November 1, 2021. For businesses transacting with China, the PIPL promises a shift in the way cross-border business is done. This post covers key provisions of the new law to help businesses prepare for the enactment of this legislation.
Read more »
-
Legislative Alert: Enhanced Privacy Protections Signed Into Law in Connecticut Posted on: July 21, 2021 In: Data Privacy & CybersecurityConnecticut is part of the steady stream of states enacting more complicated and demanding data privacy and cybersecurity laws in 2021. The state joins Colorado and California in adding both a new privacy law and a new cybersecurity law. In this post, we review the key elements of Connecticut's Act Concerning Data Privacy Breaches and its Act Incentivizing the Adoption of Cybersecurity Standards for Businesses.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part VII: Penalties and Enforcement Mechanisms Posted on: June 02, 2021 In: Data Privacy & CybersecurityAs discussed throughout this series, the passage of the California Privacy Rights Act (CPRA) will change the privacy landscape in California and impact the compliance efforts of businesses serving California consumers. In addition to expansion of the rights promised to consumers under the California Consumer Privacy Act (CCPA), this seventh installment in our series discusses the new penalties and enforcement mechanisms for subject businesses created by passage of the CPRA on November 3, 2020.
Read more »
-
Canada Introduces Legislation to Revamp Federal Privacy Landscape Posted on: February 16, 2021 In: Data Privacy & CybersecurityThe Canadian House of Commons introduced draft legislation that, if enacted, would align federal Canadian privacy law with the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The draft legislation, titled the Consumer Privacy Protection Act (CPPA), proposes significant advancements to the current legal regime governing personal data.
Read more »
-
Don’t Forget the HIPAA Small Breach Notification Deadline of March 1, 2021. It’s Right Around the Corner! Posted on: February 10, 2021 In: Data Privacy & CybersecurityDespite all that made 2020 an unusual year, data security incidents did not slow down. For organizations that are covered by the Health Insurance Portability and Accountability Act (HIPAA), the deadline to report small incidents is fast approaching. Organizations that experienced a data security incident in 2020, which affected the protected health information (PHI) of less than 500 individuals, have until March 1, 2021 to submit their notification to the U.S. Dept. of Health & Human Services.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part V: New & Expanded Consumer Rights Posted on: February 08, 2021 In: Data Privacy & CybersecurityThe newly-passed California Privacy Rights Act (CPRA) includes additional and expanded consumer rights not currently existing under the California Consumer Privacy Act (CCPA). This fifth installment in our series about the changes to the CCPA brought by the CPRA focuses on consumers’ new rights of correction and access to certain personal information and revisions to certain existing consumer rights in the CCPA, including rights to know (and access), deletion, non-discrimination, and rights for minors.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part II: CPRA’s Covered “Businesses” & Exemptions Posted on: December 29, 2020 In: Data Privacy & CybersecurityCalifornia voters’ approval of the California Privacy Rights Act (CPRA), a privacy ballot initiative that amends and expands the California Consumer Privacy Act (CCPA), is a significant development in the U.S. privacy world. In this second installment of our Digital Insights series on the major changes effected by the CPRA, we discuss what qualifies as a regulated "business" under the Act, and what data exemptions exist.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape: CPRA’s Definition and Treatment of “Sensitive Personal Information” Posted on: December 23, 2020 In: Data Privacy & CybersecurityOn November 3, 2020, Californians approved Proposition 24, a ballot measure creating the California Privacy Rights Act (CPRA), which amends and expands the provisions and requirements of the California Consumer Privacy Act (CCPA). In this Digital Insights series on the CPRA, we will highlight and detail some of the most substantive and important modifications the new law will impose on the CCPA, and what those changes mean to businesses subject to California’s ever-evolving privacy regime.
Read more »
-
California Voters Make CCPA 2.0 a Reality – California Privacy Rights Act Ballot Measure Passes Posted on: November 10, 2020 In: Data Privacy & CybersecurityOn November 3, 2020, California voters approved Proposition 24, otherwise known as the California Privacy Rights Act (CPRA), a ballot measure that will expand the privacy protections for California residents under the existing California Consumer Privacy Act (CCPA). Effective January 1, 2023, the CPRA significantly amends the CCPA by expanding consumer rights, heightening privacy protections, and establishing an enforcement agency dedicated to protecting consumers through vigorous enforcement of the law.
Read more »
-
The Next Major Public Health Crisis Posted on: October 15, 2020 In: Data Privacy & CybersecurityIn 2014, a business associate of a healthcare entity was notified by law enforcement that it had suffered a cyberattack to the company's information system. The hackers were able to access and exfiltrate the health information of more than 6 million people from numerous entities served by the business associate. In addition to a fine issued by OCR, a related covered entity was sued and a multimillion-dollar settlement was reached. OCR placed the covered entity under a very detailed corrective action plan.
Read more »
-
California Legislature Extends CCPA Exemptions for Employees’ Personal Information & “Business-to-Business” Exchanges to 2022 Posted on: September 24, 2020 In: Data Privacy & CybersecurityBut for limited exemptions added to the California Consumer Privacy Act (CCPA) last year, personal information exchanged in the employment context, and personal information collected through “business-to-business” exchanges, would be subject to all requirements of the CCPA. Those exemptions were set to expire next year. However, the California legislature has recently voted, through Assembly Bill 1281, to extend the exemptions until January 1, 2022.
Read more »
Blog Search
Featured Posts
- December 15, 2021 Which States Are Paying More Money in 2022: An Overview of Minimum Wage Increases Across the Country
- June 11, 2021 Using Artificial Intelligence to Track Growing Remote Workforce and Related Litigation Implications
- June 07, 2021 Backup, Separate, & Secure: White House Cyber Recommendations Reach the Private Sector
- June 02, 2021 How to Protect Your Investment in Employees in a Tight Labor Market
- March 29, 2021 Complaint Itself Cannot Meet Knowledge Requirement For Indirect & Willfulness Claims, Says Delaware District Court
Blog Tags
alabama
arkansas
audit
banking
bank secrecy act
biometric data
breach notification
california
canada
ccpa
client notification
colorado
congress
connecticut
consumer consent
consumer notification
consumer rights
coronavirus
covid-19
cpra
cryptocurrency
cyber insurance
cybersecurity
cyber threat
data breach
data privacy
data privacy act
data security
delaware
electronic protected health information
email
employment
equifax
eu
eu-u.s. privacy shield
european unioin
european union
executive order
fbi
fcra
federal trade commission
fincen
fraud
ftc
gdpr
hacking
healthcare
hhsocr
hhs ocr
hipaa
holiday season
hssocr
human resources
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
managed service providers
maryland
massachusetts
michigan
microsoft exchange servers
microsoft office 365
multi-factor authentication
multi-factor identification
new jersey
new mexico
new york
ninth circuit
nist
nist framework
nist security controls
online operators
opt out
personal data
personal information
phishing
private sector
protected health information
ransomware
regulations
social engineering
social media
spectre
statute
supreme court
tax returns
utah
video-teleconferencing
virginia
w2
washington
websites
workplace policy
zero-day
zoom