Virginia may be the first state to follow California’s lead on consumer privacy legislation, but it certainly will not be the last. The International Association of Privacy Professionals (IAPP) observed, “State-Level momentum for comprehensive privacy bills is at an all-time high.” The IAPP maintains a map of state consumer privacy legislative activity, with in-depth analysis comparing key provisions. … Continue Reading
The California Privacy Rights Act (CPRA), passed in November, 2020, added to the California Consumer Privacy Act (CCPA) an express obligation for covered businesses to adopt reasonable security safeguards to protect personal information. The CPRA also clarified the CCPA’s private right of action for consumers whose personal information is breached due to a failure to implement … Continue Reading
For the past several years, thousands of businesses have been hit with phishing scams during tax season. Through these social engineering scams, hackers obtain employee Forms W-2 for filing fraudulent tax returns seeking large refunds. These phishing emails are typically sent as clients begin the process of issuing W-2s to employees. Often employers do not … Continue Reading
In recent years, there has been an uptick of W-2 phishing scams, and their consequences for an employer extend well beyond leaked data, including potential employee class action litigation. Just last week, a federal court in Illinois rejected a motion for class certification in a data breach case alleging disclosure of employees’ sensitive tax information … Continue Reading
Federal contractors know all too well the list of annual requirements and obligations can seem overwhelming at times. One that may get overlooked by some is annual training requirements. A fairly new such training went into effect in 2017 – it requires certain federal contractors to do annual data privacy training. According to the U.S. … Continue Reading
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021. COVID-19 privacy and security considerations. During 2020, COVID-19 presented organizations large and small with new and unique data privacy and security … Continue Reading
On December 8th, the Association of Corporate Counsel (ACC), which represents over 45,000 in-house counsel across 85 countries, announced the launch of its Data Steward Program (DSP) to help organizations and their law firms assess and share information about information security relating to client data. The DSP is two years in the making, collecting input … Continue Reading
While its rollout has been slow, the vaccine is being administered across the U.S. and in other countries. As of January 15, 2021, nearly 36 million doses of a COVID-19 vaccine have been administered, just over 11 million in the U.S. For a variety of reasons, organizations want to know whether their workforce members (employees, … Continue Reading
Dubbed the “Biometric Privacy Act,” New York Assembly Bill 27 (“BPA”) is virtually identical to the Biometric Information Privacy Act in Illinois, 740 ILCS 14 et seq. (BIPA). Enacted in 2008, BIPA only recently triggered thousands of class actions in Illinois. If the BPA is enacted in New York, it likely will not take as … Continue Reading
In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new year. The Report examines OCR’s findings from … Continue Reading
One of the last things pension plan participants would want to learn as they get ready to celebrate the Christmas holiday is that personal data from their pension accounts may have been compromised. This is the case, unfortunately, for approximately 30,000 Now:Pensions customers whose names, postal and email addresses, birth dates and the equivalent of … Continue Reading
In April of this year, which seems far longer than eight months ago, we posted about an alert from federal agencies warning that cyber threat actors were exploiting the coronavirus pandemic to fuel phishing and other attacks. Those efforts have continued throughout the year with attackers now retooling their messaging around the COVID-19 vaccine. Criminal … Continue Reading
A new report released by Global Market Insights, Inc. last month estimates that the global market valuation for voice recognition technology will reach approximately $7 billion by 2026, in main part due to the surge of AI and machine learning across a wide array of devices including smartphones, healthcare apps, banking apps and connected cars, … Continue Reading
Earlier this year, we reported on an evolution in the form of cyberattack known as ransomware –attackers transitioning from denying affected users access to critical data by encrypting it to removing data from the compromised systems and threatening public release in exchange for payment. These attacks typically target the companies maintaining the data. However, attackers … Continue Reading
By signing AB 1281 into law on September 29th, 2020, California Governor Gavin Newsom amended the California Consumer Privacy Act (“CCPA”) to extend until January 1, 2022, not only the current exemption on employee personal information from most of the CCPA’s protections, but also the so-called “B2B” exemption. Welcomed by many “B2B” (business to business) … Continue Reading
A proposal by Indiana’s Attorney General Curtis Hill on Wednesday would add a significant step in the incident response process for responding to breaches of security affecting Indiana residents. On Wednesday, during a U.S. Chamber of Commerce virtual event, he announced his proposed rule designed to better protect Hoosiers from cyberattacks. It is expected that … Continue Reading
The Massachusetts Office of the Attorney General has created a new Data Privacy and Security Division. This Division is charged with protecting consumers from the threats to the privacy and security of their data. The Attorney General, Maura Healey, announced “The Data Privacy and Security Division will build on our office’s commitment to empowering Massachusetts … Continue Reading
Privacy and security continue to be at the forefront for legislatures across the nation, despite (or perhaps because of) the COVID-19 pandemic. In late May, with back-to-back amendments, Washington D.C. and Vermont significantly overhauled their data breach notification laws, including expansion of the definition of personal information, and heightened notice requirements. Now, Michigan may follow … Continue Reading
Roger Severino, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), provides advice for HIPAA covered health care providers: When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information According to OCR allegations, a … Continue Reading
With the California Consumer Privacy Act (CCPA) now in effect (January 1, 2020) and enforceable by California’s Attorney General (“AG”) (July 1, 2020), the AG has published Frequently Asked Questions (FAQs). Designed to aid consumers in exercising their rights under the CCPA, the FAQs also contain helpful reminders for businesses and service providers regarding their obligations … Continue Reading
As many have learned over the last several years, ransomware is a type of malware that denies affected users access to critical data by encrypting it. Attackers profit handsomely by requiring victims to pay substantial sums, typically tendered in a cryptocurrency such as Bitcoin. A look at some of the numbers over the past two … Continue Reading
As the COVID-19 pandemic presses on, privacy and security matters continue to be at the forefront for federal and state legislature. We recently reported that Washington D.C. updated its data breach notification law. Now, the Vermont legislature also amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, … Continue Reading
In the midst of COVID-19 challenges, privacy and security matters continue to be at the forefront for federal and state legislature. In late March, the Washington D.C. (“D.C.”) legislature amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, updates to notification requirements and new credit monitoring obligations. … Continue Reading
As organizations work feverishly to return to business in many areas of the country, they are mobilizing to meet the myriad of challenges for providing safe environments for their workers, customers, students, patients, and visitors. Chief among these challenges are screening for COVID19 symptoms, observing social distancing, contact tracing, and wearing masks. Fortunately, innovators are … Continue Reading