The Federal Trade Commission (FTC) has notified businesses that it is “resurrecting” its Penalty Offense Authority, an enforcement tool that had not been used by the agency since the 1980s. The Penalty Offense Authority,...more
The Governor of Colorado signed the Colorado Privacy Act (CPA) on July 7, 2021, making it the third state in the United States to enact broad consumer privacy legislation. Building on now-familiar concepts from the California...more
The California Privacy Rights Act (CPRA) will require businesses to update their privacy notices with additional disclosures and post website links that allow consumers to exercise their new rights under the CPRA. In this...more
On April 27, 2021, the New York State Department of Financial Services (“DFS” or the “Department”) released a report regarding its investigation into the response by DFS covered entities to the SolarWinds supply chain attack....more
5/5/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Information Technology ,
NYDFS ,
Russia ,
Software ,
SolarWinds ,
Supply Chain ,
Third-Party Service Provider
As we have previously highlighted, the California Privacy Rights Act (CPRA) has created several new consumer rights that will require businesses to change existing California Consumer Privacy Act (CCPA) compliance programs. ...more
Ransomware victims face a nearly impossible decision: pay criminals holding their business hostage or refuse and face possible crippling consequences. This decision requires careful analysis of a number of considerations, and...more
2/25/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Information Technology ,
New Guidance ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Ransomware
On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance....more
2/17/2021
/ Consumer Insurance Products ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Insurance Regulations ,
NYDFS ,
Popular ,
Risk Management ,
State and Local Government
Virginia is on track to be the second U.S. state to enact comprehensive consumer privacy legislation. Both the Virginia House of Delegates and the Virginia Senate have passed nearly identical versions of the Consumer Data...more
2/10/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Risk Management ,
State and Local Government
On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed...more
1/13/2021
/ Cybersecurity ,
Data Breach ,
Data Protection ,
FDIC ,
Federal Breach Notification Standard ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
FRB ,
NPRM ,
OCC ,
Popular ,
Regulatory Requirements
California voters have spoken: in November 2020, they voted to enact the California Privacy Rights Act (CPRA), which will mark a significant expansion of California’s existing privacy laws when it takes effect on January 1,...more
The Consumer Financial Protection Bureau (CFPB) released an advanced notice of proposed rulemaking (ANPR) requesting information related to consumer access to financial records. The ANPR is another step towards the CFPB’s...more
The U.S. Department of Commerce (DOC), Department of Justice (DOJ), and the Office of the Director of National Intelligence (ODNI) jointly issued a White Paper containing information about privacy protections under U.S. law...more
9/29/2020
/ Court of Justice of the European Union (CJEU) ,
Data Management ,
Data Protection ,
Department of Justice (DOJ) ,
EU ,
FISA ,
International Data Transfers ,
National Security ,
ODNI ,
Personal Data ,
Risk Management ,
Schrems I & Schrems II ,
U.S. Commerce Department
Unmanned Aircraft Systems (UAS or drones) are increasingly popular in the United States and around the world. While most UAS operators operate safely and comply with relevant laws, growing security and privacy concerns over...more
On 21 August 2020, the Federal Aviation Administration (FAA) published a Call for White Papers to identify eligible manufacturers, vendors, and integrators of unmanned aircraft systems (UAS or drone) detection and/or...more
Unmanned Aircraft Systems (UAS or drones) have become increasingly popular in the United States and around the world. While the vast majority of UAS operators operate safely and in compliance with relevant laws, growing...more
On Friday, the California Attorney General issued the final implementing regulations for the California Consumer Privacy Act (CCPA). The final regulations—which had been under review by the California Office of Administrative...more
8/18/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law Judges (OALJ) ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
State and Local Government
Following promises of increased enforcement, on July 22, 2020, the New York Department of Financial Services (NYDFS) announced the first cybersecurity enforcement action pursuant to its Cybersecurity Regulation, which...more
It’s official. The California Privacy Rights Act (CPRA) has received enough valid signatures to appear on the November 2020 ballot. And if polling from late last year remains accurate, California voters are likely to approve...more
6/26/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personally Identifiable Information ,
State and Local Government
On June 1, The California Attorney General (CA AG) submitted the final text of the CCPA regulations to the California Office of Administrative Law (OAL) for approval. ...more
6/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
The California Privacy Rights Act (CPRA) is progressing through California’s elections process for inclusion on the November 2020 ballot. Businesses may want to begin considering how their data privacy obligations in...more
Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic....more
On March 11, The California Attorney General (CA AG) released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act (CCPA)....more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Right to Delete ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On Friday, February 7, 2020, the California Attorney General (CA AG) released notice of changes to the California Consumer Privacy Act (CCPA) draft regulations. Initial draft regulations were published for public comment on...more
2/10/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
Alongside its flurry of CCPA amendments last term, the California legislature passed Assembly Bill 1202 (AB 1202), the nation’s second “data broker” registration law. AB 1202 requires “data brokers” to register with and pay...more
1/27/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Sellers ,
Deadlines ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Registration Requirement ,
Regulatory Requirements ,
State and Local Government ,
State Attorneys General ,
Third-Party Relationships
Washington State is already shaping up as a center of state privacy legislation for 2020.
Last year, SB 5376 (also known as the Washington Privacy Act, or WPA) gained significant traction in the legislature, passing the...more
1/14/2020
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Proposed Legislation ,
Right to Delete ,
State and Local Government