The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
[Webinar] You Are Here: First Steps in Data Mapping
Fintech Focus Podcast | What Does AI Safety Mean For Fintechs?
The FTC's Health Privacy Enforcement Actions
The FTC and DOJ Act Against Amazon to Protect Privacy
Law Brief®: Rich Schoenstein and Annmarie Giblin Discuss Cyber Law
Biometric Litigation
Podcast - The FTC Agenda & Data Privacy
Webinar Recording – The Colorado Privacy Act and Draft Rules
2022 DSIR Report Deeper Dive: Personal Data Deletion
Congress Tries to Wrangle Cyber and Crypto Industries
Who are the decision makers at INTERPOL's CCF?
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
Oklahoma: Changing Data Privacy as We Know It?
Privacy Talk | The New Swiss Data Protection Act
Update on Global Data Privacy Regulations by John Jackson
Actions in the last six months of the Brazilian National Data Protection Authority (“ANPD”) suggest that it intends to aggressively enforce the Brazilian Data Protection Law (“LGPD”). The LGPD applies to any entity that...more
I was hanging out with my friend this weekend, both catching up on emails from a coffee shop. After a while, he turned to me. “Well sh*t. Looks like my social security number might be on the dark web.”...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
HealthEquity, an administrator of workplace benefits for more than 15 million people, is notifying 4.3 million individuals, starting on August 9, 2024, that their personal information was compromised. The compromised data...more
Pennsylvania’s Governor recently approved amendments to the Commonwealth’s data breach notification law, which represent a significant overhaul to the law. As detailed below, the amended law makes a number of material...more
Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then,...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
Introduction - In recent years, Ohio has made unique and nationally-mirrored efforts toward advancing a goal of protecting the personal data of its residents. In addition to joining other U.S. states in 2005 by requiring...more
Introduction - Illinois has enacted laws addressing rights and obligations related to data privacy. Companies and organizations that handle, collect, disseminate, or otherwise deal in nonpublic information have a number of...more
Introduction - The legal regime in India relating to data protection and privacy has undergone a significant re-haul and revamp. The Digital Data Protection Act, 2023 (“DPDPA”) received the President’s assent and was...more
Introduction - The Brazilian General Data Protection Law (“LGPD”), enacted in 2018 and enforced since 2020, serves as the cornerstone of the country's data protection framework. Its primary objective is to ensure the...more
Convergent Outsourcing Inc., a debt-collection agency, settled a data breach class action in the U.S. District Court for the Western District of Washington for $2.45 million. The class action suit against Convergent alleged...more
Editor’s Note: In recent regulatory and enforcement developments, the White House announced a new executive order aimed at strengthening cybersecurity at U.S. ports, and another executive order was issued to protect sensitive...more
Introduction This briefing is part of a Walkers series on the Data Protection (Bailiwick of Guernsey) Law, 2017 (the "DPL"), and provides an overview on personal data breaches. It describes some key points which...more
The Brazilian Data Protection Authority (Autoridade Nacional de Proteção de Dados, “ANPD”), applied its first two sanctions of 2024 against two Brazilian governmental institutions. It is worth noting that, as both are public...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
The American Hospital Association (AHA) has warned that information technology (IT) help desks are being targeted in a social engineering scheme that uses the stolen identity of revenue cycle employees or employees in other...more
In the privacy world, confidential information relating to the nature, amount, or use of telecommunications services has always been subject to separate rules from other types of customer data. Prior to the advent of...more
It is indeed a tangled regulatory web woven to potentially trap an organization in the wake of a data incident. Navigating this web can involve significant resources, time, and stress. As we discussed in part two of this...more
CYBERSECURITY - New York Governor Proposes Cybersecurity Regulations for NY Hospitals - On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within...more
Popular file transfer tool MOVEit’s recent data security vulnerability prompted many businesses to communicate, internally and externally, about the impact of the incident on its business. Originally published in Law360 -...more
CYBERSECURITY - Joint Commission Issues Alert on Patient Safety After a Cyber-Attack - On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,”...more
I recently had the chance to visit with Jonathan Armstrong on a recent data breach case that occurred in the health service provider NHS Lanarkshire (Scotland) during the COVID-19 pandemic. This breach serves as a stark...more
In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach. Originally published in Reuters -August 24, 2023...more