Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then,...more
7/25/2024
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Unauthorized Access
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
2/19/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Investigations ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Oversight ,
Regulatory Reform ,
Regulatory Requirements ,
Settlement
It is indeed a tangled regulatory web woven to potentially trap an organization in the wake of a data incident. Navigating this web can involve significant resources, time, and stress. As we discussed in part two of this...more
12/13/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Oversight ,
State Attorneys General
On October 10, Governor Newsom signed the Delete Act ( SB 362) into law, which amends California's current data broker law to impose extensive additional disclosure and registration requirements on data brokers, and to...more
10/20/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Reporting Agencies ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Deletion ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
New Legislation ,
Notice of Proposed Rulemaking (NOPR) ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Regulatory Reform
Popular file transfer tool MOVEit’s recent data security vulnerability prompted many businesses to communicate, internally and externally, about the impact of the incident on its business.
Originally published in Law360 -...more
10/16/2023
/ Consumer Privacy Rights ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Communications ,
Incident Response Plans ,
Personal Data ,
Personally Identifiable Information ,
Popular
Government regulators are seemingly as numerous as the stars nowadays, especially in the universe of data incidents. When organizations experience a data incident, they will need to quickly assess what happened, why it...more
10/16/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Agencies ,
State Attorneys General
In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach.
Originally published in Reuters -August 24, 2023...more
8/25/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Regulatory Oversight
A thesis statement for this month's Cyber Capsule might be "You're Doing It Wrong." Whether it's easily guessable passwords, manipulated URLs, or waiting longer than prudent to report a data breach, most of our items look at...more
In Gardiner v. Walmart, Inc., a Walmart customer who purchased goods online filed a putative class action alleging that Walmart's cybersecurity procedures led to a purported unauthorized disclosure of his personal identifying...more
Enforcement of the California Consumer Privacy Act (CCPA) began July 1, 2020. Our privacy team at Troutman Pepper includes several attorneys who worked in an attorney general’s office. This privacy regulatory team has...more
Enforcement of the California Consumer Privacy Act (CCPA) began July 1, 2020. Our privacy team at Troutman Pepper includes several attorneys who worked in an attorney general’s office. This privacy regulatory team has...more
7/17/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Sellers ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government