The explosion of generative AI has spawned a wide range of personal and professional tools and applications. One noteworthy (no pun intended) example of those tools and applications is notetakers that can capture, transcribe,...more
The Federal Trade Commission (FTC) has approved an amendment to its Safeguards Rule that will require non-banking financial institutions to report certain data breaches (or “notification events”) to the FTC (not affected...more
11/6/2023
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personal Information ,
Private Commercial or Financial Information ,
Reporting Requirements ,
Safeguards Rule
On October 8, 2023, Governor Newsom signed Assembly Bill (AB) 947. Effective January 1, 2024, the bill will revise the California Consumer Privacy Act (CCPA) definition of “sensitive personal information” to include personal...more
Most human resources professionals are concerned about the privacy and security of the vast amounts of personal information they manage. This article discusses steps to consider taking against the challenges.
Deluge of...more
10/3/2023
/ Americans with Disabilities Act (ADA) ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Deletion ,
Employee Privacy Rights ,
Employee Training ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Human Resources Professionals ,
Information Technology ,
Personal Information ,
Popular ,
Risk Assessment ,
Risk Management ,
Wage and Hour
When the California Privacy Rights Act (CPRA) was enacted, it created the California Privacy Protection Agency (CPPA) and delegated to the CPPA significant regulatory authority. One of the areas of that authority is...more
On May 11, 2023, Tennessee’s Governor signed Senate Bill 0073, the Tennessee Information Protection Act, making the state the eighth state to pass consumer privacy legislation. Tennessee joins California, Colorado,...more
5/12/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Protection Laws ,
COPPA ,
Data Controller ,
Data Processors ,
FERPA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NIST ,
Personal Information ,
State Privacy Laws ,
Tennessee
Since the privacy and security regulations were issued under the federal Health Insurance Portability and Accountability Act (HIPAA), critics pointed to the limitations on the reach of those rules. A critical limitation...more
The Federal Trade Commission (FTC) recently took enforcement action against digital healthcare companies for sharing user information vie third-party tracking pixels, which enable the collection of user data....more
On December 22, 2022, the Nevada Gaming Commission (NGC) adopted regulations creating new cybersecurity requirements for certain gaming operators. This action joins agencies in other jurisdictions moving quickly to protect...more
On January 1, 2023, Virginia’s Consumer Data Protection Act (CPDA) takes effect. Key features of the CPDA include expansive consumer privacy rights (right to access, right of rectification, right to delete, right to opt-out,...more
On October 21 and 22, the California Privacy Protection Agency (CPPA) Board will meet to discuss possible action regarding the proposed regulations for the California Consumer Privacy Act (CCPA) and California Privacy Rights...more
1. What’s changing?
Under the current version of the California Consumer Privacy Act (“CCPA”), an employer’s obligations related to the personal information it collects from employees, applicants, and contractors residing...more
9/28/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Do Not Sell ,
Employee Rights ,
Job Applicants ,
Notice Requirements ,
Personal Information ,
Privacy Policy
For the past few years, California’s comprehensive privacy law known as the California Consumer Privacy Act (“CCPA”) included an important partial exemption for employees, applicants, and independent contractors...more
On August 11, 2022, the Federal Trade Commission (FTC) announced proposed rulemaking pertaining to “commercial surveillance and lax data security.” However, the overall focus of the potential rulemaking is consumer privacy...more
While the federal government attempts to move forward with a more uniform national law, Connecticut joined California, Colorado, Utah, and Virginia in passing a comprehensive consumer privacy law....more
After reading New York Attorney General Letitia James’ Business Guide for Credential Stuffing Attacks (“Guide”), I promptly reminded my family (and myself!) to change passwords. The practice of using the same password for...more
With ransomware and other cyber threats top of mind for most in the c-suite these days, a question frequently raised is whether a particular organization is a target for hackers. Of course, nowadays, any organization is at...more
With health-related data and how to protect it at the forefront of discussion since the start of the COVID-19 pandemic, this week California Governor Gavin Newsom signed into law two bills related to genetic data. First, AB...more
When use or disclosure of an individual’s health information or medical records is at issue, the assumption seems to be, much more often than not, that the HIPAA privacy and security rules apply. This has certainly been the...more
10/1/2021
/ Americans with Disabilities Act (ADA) ,
Anti-Discrimination Policies ,
Coronavirus/COVID-19 ,
Disclosure ,
Employment Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
OCR ,
OSHA ,
Personal Information ,
PHI ,
Physicians ,
Vaccinations
On September 17, 2021, a three-judge panel of the Illinois Appellate Court for the First Judicial District issued a long-awaited decision regarding the statute of limitations for claims under the state’s Biometric Information...more
Cities step up their efforts to combat the COVID-19 Delta variant. New York City, New Orleans, and San Francisco have all announced requirements for certain persons to produce evidence of COVID vaccination status in order to...more
8/23/2021
/ California Consumer Privacy Act (CCPA) ,
Centers for Disease Control and Prevention (CDC) ,
Coronavirus/COVID-19 ,
Documentation ,
Masks ,
Personal Information ,
Reasonable Accommodation ,
Restaurant Industry ,
Social Distancing ,
Vaccinations ,
Vaccine Passports
Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from...more
In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of...more
6/8/2021
/ Breach Notification Rule ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Data Breach ,
New York ,
Personal Information ,
Policies and Procedures ,
Settlement Agreements ,
SHIELD Act ,
State Attorneys General ,
Websites
One of industries perhaps hardest hit by the coronavirus, the travel industry, received welcomed news late last week in the form of CDC guidance stating that people fully vaccinated against COVID-19 can resume domestic travel...more
On Tuesday, March 2nd, Virginia Governor Ralph Northam signed into law the Consumer Data Protection Act (CDPA), officially joining California as the second state with a comprehensive consumer privacy law, intended to enhance...more