Archives: Data Security

Subscribe to Data Security RSS Feed

New York Could Become the Next Hotbed of Class Action Litigation Over Biometric Privacy

Dubbed the “Biometric Privacy Act,” New York Assembly Bill 27 (“BPA”) is virtually identical to the Biometric Information Privacy Act in Illinois, 740 ILCS 14 et seq. (BIPA). Enacted in 2008, BIPA only recently triggered thousands of class actions in Illinois. If the BPA is enacted in New York, it likely will not take as … Continue Reading

IoT Devices to See New Security Guidelines in 2021

Setting up that new IoT device you received for Christmas? Maybe you’ve been derelict in feeding the dog and found a smart dog feeder under the tree, one that will alert you that Luna has been fed or that you have to refill the feeder. Smart gizmos are not just for the home, approximately 25% … Continue Reading

Personal Data from Thousands of Pension Plan Accounts Breached…Third-Party Service Provider Blamed

One of the last things pension plan participants would want to learn as they get ready to celebrate the Christmas holiday is that personal data from their pension accounts may have been compromised. This is the case, unfortunately, for approximately 30,000 Now:Pensions customers whose names, postal and email addresses, birth dates and the equivalent of … Continue Reading

Phishing Attack Messaging Targets COVID-19 Vaccine

In April of this year, which seems far longer than eight months ago, we posted about an alert from federal agencies warning that cyber threat actors were exploiting the coronavirus pandemic to fuel phishing and other attacks. Those efforts have continued throughout the year with attackers now retooling their messaging around the COVID-19 vaccine. Criminal … Continue Reading

California DOJ Issues Fourth Set of Modifications to the CCPA Regulations

On December 10, 2020, the California Department of Justice (“Department”) announced a fourth set of modifications to the California Consumer Privacy Act’s (CCPA) regulations.  The deadline to submit comments to the modifications is Monday, December 28, 2020. As a quick recap of past developments related to the CCPA regulations, the Department first published proposed regulations … Continue Reading

As Voice Recognition Technology Market Surges, Organizations Face Privacy and Cybersecurity Concerns

A new report released by Global Market Insights, Inc. last month estimates that the global market valuation for voice recognition technology will reach approximately $7 billion by 2026, in main part due to the surge of AI and machine learning across a wide array of devices including smartphones, healthcare apps, banking apps and connected cars, … Continue Reading

CPRA Series: New, Expanded and Modified Consumer Rights

On November 3, 2020, Californians approved another significant piece of privacy rights legislation, the California Privacy Rights Act, or the CPRA.  The CPRA amends and expands the already (almost) infamous CCPA (California Consumer Privacy Act), which is the privacy law that went into effect in the Golden State last year. New Rights under CPRA The … Continue Reading

CPRA Series: Impacts On Notice At Collection And Privacy Policy

Already at the cutting edge of U.S. privacy law, California jumped even further ahead of the pack with the recent approval by State voters of the California Privacy Rights Act (“CPRA”).  The CPRA, which builds upon the already extensive framework of privacy rights and obligations established in the California Consumer Privacy Act (“CCPA”), is likely … Continue Reading

CPRA Series: Extension of CCPA’s Anti-Discrimination/Retaliation Provision to Employees, Applicants, and Independent Contractors

During the California Consumer Privacy Act’s (“CCPA”) amendment process prior to enactment, personal information in the employment context was highly contested and has continued to be a point of deliberation even after the CCPA’s effective date last January 1, 2020.  CCPA excludes certain employment-related personal information from most of the act’s requirements until January 1, … Continue Reading

California Passes Prop 24: Here Comes CCPA 2.0

It goes without saying that November 3rd 2020 was an important day for the future of the nation, but it was also a significant day for the future of California privacy law.  On Tuesday, a strong majority of California voters supported Proposition 24, a ballot measure which aims to expand and enhance the California Consumer … Continue Reading

Federal Agencies Issue Joint Alert on Imminent Cybercrime Threat to Healthcare Providers

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have issued a joint cybersecurity advisory stating they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. The advisory describes the tactics, techniques, and procedures … Continue Reading

Hacked Healthcare Provider Refuses to Pay Ransom, Attackers Target Psychotherapy Patients

Earlier this year, we reported on an evolution in the form of cyberattack known as ransomware –attackers transitioning from denying affected users access to critical data by encrypting it to removing data from the compromised systems and threatening public release in exchange for payment. These attacks typically target the companies maintaining the data. However, attackers … Continue Reading

California DOJ Announces a Third Set of Modifications to the CCPA Regulations

Back in August, after much anticipation and several rounds of review and modification, the California Consumer Privacy Act (CCPA) regulations finally became effective. This was long awaited by businesses and their service providers looking for compliance guidance and clarity on key issues related to facilitation of consumer rights.  This week, the California Department of Justice … Continue Reading

New York and New Jersey Release COVID-19 Exposure Apps

New York and New Jersey release “COVID Alert NY” and “COVID Alert NJ,” apps designed to alert their users when they have been exposed to someone who tested positive for COVID-19. These apps follow those released in Pennsylvania and Delaware and are soon to be joined by Connecticut. The states hope to enhance their contact … Continue Reading

The CCPA’s “B2B” Exemption Is Also Extended by Governor Newsom

By signing AB 1281 into law on September 29th, 2020, California Governor Gavin Newsom amended the California Consumer Privacy Act (“CCPA”) to extend until January 1, 2022, not only the current exemption on employee personal information from most of the CCPA’s protections, but also the so-called “B2B” exemption. Welcomed by many “B2B” (business to business) … Continue Reading

House Passes Internet of Things Cybersecurity Improvement Act

The House of Representatives recently passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 (the Act).  The Act has been moved to the Senate for consideration. The legislation sets minimum security standards for all IoT devices purchased by government agencies. IoT refers to the myriad of physical devices that are connected to the … Continue Reading

DHS IG Report Raises Questions About Department’s and its Subcontractors’ Ability to Protect Biometric Information Following Breach

Earlier this month, our Immigration Group colleagues reported the Department of Homeland Security (DHS) would release a new regulation to expand the collection of biometric data in the enforcement and administration of immigration laws. However, as reported by Roll Call, a DHS Inspector General report raised significant concerns about whether Department is able to adequately … Continue Reading

Indiana AG Proposed Regulations Creating Corrective Action Plan Requirement and Cybersecurity Safe Harbor

A proposal by Indiana’s Attorney General Curtis Hill on Wednesday would add a significant step in the incident response process for responding to breaches of security affecting Indiana residents. On Wednesday, during a U.S. Chamber of Commerce virtual event, he announced his proposed rule designed to better protect Hoosiers from cyberattacks. It is expected that … Continue Reading

Massachusetts Attorney General Creates Data Privacy and Security Division

The Massachusetts Office of the Attorney General has created a new Data Privacy and Security Division. This Division is charged with protecting consumers from the threats to the privacy and security of their data. The Attorney General, Maura Healey, announced “The Data Privacy and Security Division will build on our office’s commitment to empowering Massachusetts … Continue Reading

Michigan Considers Enhanced Data Breach Notification Law

Privacy and security continue to be at the forefront for legislatures across the nation, despite (or perhaps because of) the COVID-19 pandemic.  In late May, with back-to-back amendments, Washington D.C. and Vermont significantly overhauled their data breach notification laws, including expansion of the definition of personal information, and heightened notice requirements.  Now, Michigan may follow … Continue Reading

HIPAA Covered Entities and Business Associates Need an IT Asset Inventory List, OCR Recommends

Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance.  OCR investigations often find that organizations … Continue Reading

NSA Releases Helpful Guidance for Limiting Location Data Exposure

The National Security Agency (NSA) recently released helpful guidance on how to effectively limit location data exposure for its staffers, which also can be helpful information for the general public. Businesses likely will have different perspectives about location data than the NSA, which is trying to protect its staffers and its vital national security missions. … Continue Reading

National Biometric Information Privacy Act, Proposed by Sens. Jeff Merkley and Bernie Sanders

Whether it is facial recognition technology being used in connection with COVID-19 screening tools and in law enforcement, continued use of fingerprint-based time management systems, or the use of various biometric identifiers for physical security and access management, applications involving biometric identifiers and information in the public and private sectors continue to grow. Concerns about … Continue Reading

Will the Public Health Emergency Privacy Act Make it into the Next Stimulus Package?

Despite several attempts, Congress has struggled to push forward a federal consumer privacy law over the past few years. But the COVID-19 pandemic, which has raised concerns regarding location monitoring, GPS tracking and use of health data, has heightened the urgency for federal consumer privacy legislation. In May, a group of Democrats from the U.S. … Continue Reading
LexBlog