Washington joins Massachusetts as the second state this year to amend its data breach notification law. The amendments will not take effect, however, until March 1, 2020. As amended, the definition of personal information has...more
The ICO first began its examination of Bounty UK Ltd. (a support club for parents) when the ICO was investigating the data brokerage industry generally, of which it viewed Bounty as taking part (given that it shared member...more
4/18/2019
/ Consent ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Information Commissioner's Office (ICO) ,
Notification Requirements ,
Personally Identifiable Information ,
Privacy Policy ,
UK
In response to the concern of many that the definition of consumer is so broad as to cover employees, a bill has been introduced in California to exclude employees from the scope of CCPA. As those who have been following CCPA...more
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more
3/21/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Information Security ,
Insurance Industry ,
Insurer Liability ,
New Legislation ,
Personally Identifiable Information ,
Risk Assessment ,
State Data Breach Notification Statutes ,
Third-Party Service Provider
Massachusetts’ breach notice law has been amended, requiring companies who suffer a data breach to provide more information to the Attorney General about the incident. The law will go into effect in a month, on April 11,...more
3/12/2019
/ Amended Legislation ,
Corporate Counsel ,
Credit Monitoring ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
State Attorneys General ,
State Data Breach Notification Statutes
Over the course of 2018, the FTC brought several actions against US companies for violations of the Privacy Shield program. The program, which as we have reported on previously gives participating US companies a mechanism to...more
1/15/2019
/ Data Privacy ,
Data Protection ,
Data Security ,
Departments of Commerce ,
Enforcement ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Privacy Certification ,
Privacy Policy
On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal...more
12/24/2018
/ Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Collection ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Encryption ,
Good Faith ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Registration Requirement ,
State Data Breach Notification Statutes
The New Jersey attorney general recently announced its settlement with software company LightYear Dealer Technologies, LLC- doing business as DealerBuilt- over a 2016 data breach. The company provides its clients, car...more
The Securities and Exchange Commission recently settled with Voya Financial Advisors, Inc. for alleged violation of Regulation S-ID (otherwise known as the Identity Theft Red Flags Rule) and Regulation S-P (otherwise known as...more
10/23/2018
/ Bad Actors ,
Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Fines ,
Identity Theft ,
Identity Theft Prevention Program ,
Identity Theft Red Flags Rule ,
Investment Adviser ,
Passwords ,
Personally Identifiable Information ,
Policies and Procedures ,
Regulation S-ID ,
Regulation S-P ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)