Two state privacy laws that pose unique applicability concerns went into effect July 1, 2024: the Oregon Consumer Privacy Act (the “OCPA”) and the Texas Data Privacy and Security Act (the “TDPSA”). Generally following the...more
Although not yet the subject of the formal rulemaking process, the California Privacy Protection Agency (the “CPPA”) has released draft proposed regulations for cybersecurity audits required by Section 1798.185(a)(15)(A) of...more
On February 28, 2024, by Executive Order (“EO”) 14117, President Biden issued “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” The EO directs...more
The United States is on track to see a record number of data breaches in 2023 and state regulators are paying attention. The swift action required by victim companies includes containment and elimination of the threat, and...more
In 2023, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, Virginia. Other laws from the states of Delaware, Indiana, Iowa, Montana, Tennessee, Oregon, and Texas were signed this year and...more
Last fall, we provided an update on the state of the regulations promulgated under the California Consumer Privacy Act (CCPA). At the time, we identified key gaps in the current regulations, specifically the lack of guidance...more
Washington state recently enacted the My Health, My Data Act (House Bill 1155) (the “MHMD Act”), which aggressively requires all entities that collect, share, or sell consumer health data in Washington to comply with very...more
Iowa Joins the Consumer Privacy Party -
On March 28, 2023, Governor Kim Reynolds signed a new Iowa consumer privacy statute to be effective January 1, 2025, the Iowa Consumer Data Protection Act, joining California,...more
In 2023, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, and Virginia. These laws will come online throughout the year as follows...more
Licensees of the New York Department of Financial Services (“DFS”) should be tracking the proposed amendments to the DFS Cybersecurity Regulation. All covered entities under the Regulation will need to revisit their...more
The California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”) has had some major developments over the summer. On July 8, 2022, the California Privacy Protection Agency (California’s privacy...more
Already considered among the most rigorous cybersecurity requirements for financial services companies, the existing New York Department of Financial Services (“NY DFS”) Cybersecurity Regulation (the “Regulation”) set the...more
U.S. authorities have increased warnings of threats to critical infrastructure from Russian sources and have laid the groundwork for 72-hour reporting requirements for critical infrastructure organizations. At the end of...more
Addressing the evolving landscape of privacy laws will be at the top of the list of New Year’s resolutions for those doing business in the U.S. Businesses will need to assess and address changes in California privacy law, and...more
On December 7, 2021, the New York Department of Financial Services (“NY DFS”) released an industry letter providing guidance on Multi-Factor Authentication (“MFA”). MFA, which requires users of information systems to...more
In 2023, new consumer privacy laws will be effective in Colorado, Virginia, and California. Of these, the Colorado Privacy Act (SB 21-190 , the “CPA”) is the latest to be enacted. Effective July 1, 2023, the CPA shares many...more
New York’s recent steps to protect biometric privacy are well worth your attention. The “Biometric Identifier Information” Law (BIIL) was passed by the New York City Council and will be effective July 9, 2021 in New York...more
If your business is subject to the CCPA and (alone or in combination) bought, received, sold, or shared for commercial purposes the personal information of 10 million or more consumers (i.e., California residents) in 2020,...more
“Reasonable Security” is a term that is becoming more important due to the continued increase in ransomware incidents over the past few years, which the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) has...more
The New York Department of Financial Services (NYDFS) has now released a pair of alerts on the increase in cyberattacks on public facing insurance websites that provide instant quoting services to customers. If you provide...more
The passage of the California Privacy Rights Act (“CPRA”) on November 3, 2020 will result in increased litigation and enforcement actions for companies doing business in California. Indeed, only months after the California...more
Having set a new standard for privacy in the United States with the California Consumer Privacy Act of 2018 (the “CCPA”), California has again raised the bar for consumer privacy with the California Privacy Rights Act (the...more
On June 1, 2020, the Office of the California Attorney General submitted the final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). As...more
Recently we discussed NY DFS guidance to regulated entities, warning of the heightened cyber risks resulting from COVID-19 as cyber criminals look to exploit the increase in remote work and many individuals accustom...more