As Cybersecurity Awareness Month wraps up, it’s worth mentioning that employee security awareness training is an ongoing process. Employee error remains a significant contributing factor in data breaches. According to  the 2022 Verizon Data Breach Report, “74% of all breaches include the human element… error, privilege misuse, use of stolen credentials or social engineering.”

With advances in technology and business marketing come changes in the law and new litigation. Many businesses are familiar with the federal Telephone Consumer Protection Act (TCPA) but may be less familiar with Florida’s version, the Florida Telephone Solicitation Act (FTSA). A recent wave of class-action lawsuits stems from a 2021 amendments to the FTSA

California passed Assembly Bill (AB) 2089, which amends the Confidentiality of Medical Information Act (CMIA) to include mental health application information under the definition of medical information. Under the revisions to CMIA, mental health application information is defined as information related to a consumer’s inferred or diagnosed mental health or substance use disorder, as

Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace.  Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment,

Here we go again! On March 15th, 2021, the California Department of Justice (“Department”) announced approval of modifications to the California Consumer Privacy Act’s (CCPA) regulations, originally introduced in December of 2020.  The new regulations mainly modify provisions related to a consumer’s right to opt out of sale of their personal information, with

Recently, the National Labor Relations Board (NLRB), in a split decision 2-1, approved a California-based ambulance company’s implementation of a social media policy that prohibited employees from “inappropriate communications” related to the company.  The NLRB’s ruling reversed a decision by an administrative law judge, back in October 2019, that concluded that the company’s social media

In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new year.  The Report examines OCR’s findings from

Assessing the privacy and cybersecurity practices of third-party service providers is critical not only for employee personal information, but also for confidential and personal information pertaining to an organization’s business and its clients, customers, patients, students, etc. The Federal Trade Commission (FTC) announced a settlement on December 15 with a financial institution that it