Data Privacy & Cybersecurity Blog Posts From June 2022

• Blog: Privacy Protection Patchwork, Part IV: How the Connecticut Data Privacy Act Could Impact Your Business
  Date: June 28, 2022 Title: Privacy Protection Patchwork, Part IV: How the Connecticut Data Privacy Act Could Impact Your Business
  Summary: The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part IV, we discuss the Connecticut Data Privacy Act....
• Blog: The “Follina” Vulnerability: Microsoft Support Diagnostic Tool Alert for Zero Day Exploit CVE-2022-30190
  Date: June 27, 2022 Title: The “Follina” Vulnerability: Microsoft Support Diagnostic Tool Alert for Zero Day Exploit CVE-2022-30190
  Summary: On May 30, 2022, Microsoft issued an alert regarding a vulnerability in its Microsoft Support Diagnostic Tool that can be exploited using Microsoft Office documents and results in the unauthorized installation of programs or access to data.The vulnerability evades common protections associated with Microsoft Office documents, requires minimal user interaction, and can be used by a remote attacker to execute arbitrary code, escalate privileges to fully take over a machine, or deploy additional malware....
• Blog: North Carolina Prohibits Ransom Payments by State and Local Government Agencies
  Date: June 24, 2022 Title: North Carolina Prohibits Ransom Payments by State and Local Government Agencies
  Summary: North Carolina made national headlines recently as the first state to prohibit state agencies and local government entities from paying a ransom following an attack. But N.C. Gen. Stat. § 143-800 goes one step further, prohibiting those entities from even communicating with a threat actor following an attack....
• Blog: Privacy Protection Patchwork, Part III: What Your Business Should Know About Utah’s Consumer Privacy Act
  Date: June 20, 2022 Title: Privacy Protection Patchwork, Part III: What Your Business Should Know About Utah’s Consumer Privacy Act
  Summary: The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part III, we discuss the Utah Consumer Privacy Act....
• Blog: Privacy Protection Patchwork, Part II: How the Colorado Privacy Act Could Impact Your Business
  Date: June 13, 2022 Title: Privacy Protection Patchwork, Part II: How the Colorado Privacy Act Could Impact Your Business
  Summary: The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. In Part II, we explore the Colorado Privacy Act....
• Blog: Privacy Protection Patchwork, Part I: New Comprehensive State Privacy Laws and How They Could Impact Your Business
  Date: June 06, 2022 Title: Privacy Protection Patchwork, Part I: New Comprehensive State Privacy Laws and How They Could Impact Your Business
  Summary: The number of states enacting comprehensive privacy laws is growing, adding to the existing patchwork of privacy, security, and data breach notification laws that keep legal and compliance personnel busy. This five-part series will highlight key provisions in a few of the new comprehensive privacy laws and regulations. Each week we will examine laws in a new state and provide recommendations on what steps businesses should consider taking. We begin with the Virginia Consumer Data Protection Act....
• Blog: CPPA Issues CPRA Draft Regulations
  Date: June 01, 2022 Title: CPPA Issues CPRA Draft Regulations
  Summary: On Friday, May 27, 2022, the California Privacy Protection Agency (CPPA) issued draft proposed regulations ahead of its June 8, 2022 board meeting. While these draft regulations are subject to public comment and may undergo extensive revisions before they are finalized, the draft rules provide some insight into the direction the CPPA is taking with regard to how businesses may collect and use personal information as well as the form and content for notices and disclosures to consumers....