Back in January, Colorado lawmakers on both sides of the aisle introduced a groundbreaking new bill requiring “reasonable security procedures and practices” for protecting personal identifying information, limiting the time frame to notify affected Colorado residents and the Attorney General of a data breach, and imposing data disposal rules, HB 1128. Now, Colorado Governor John … Continue Reading
Last month, South Dakota and Alabama became the final two states to enact a data breach notification law. In addition, many other states, in response to trends, heightened public awareness, and a string of large-scale data breaches, have continued amending their existing laws. Arizona is the latest state to update its data breach notification law to … Continue Reading
The Federal Trade Commission (FTC) recently announced that it will launch a national education campaign to aid the small business sector in strengthening its cybersecurity and protecting its sensitive and personal data. The national education campaign builds on the FTC’s 2017 Small Business Initiative which included the creation of a new website: FTC.gov/SmallBusiness aimed at … Continue Reading
Co-Author: Thomas Buchan As reported in our blog post from November 6, 2017, the New York State Attorney General announced the release of the proposed Shield Act in early November, 2017. This new legislation (we have some links for you below) would make significant changes to New York’s cybersecurity provisions (primarily under General Business Law … Continue Reading
On March 28th, Alabama Governor Kay Ivey (R) signed into law the Alabama Data Breach Notification Act, Act No. 2018-396, making Alabama the final state to enact a data breach notification law. South Dakota Governor Dennis Daugaard signed into a law a similar statute one-week prior. The Alabama law will take effect June 1, 2018. Being … Continue Reading
The deadline to comply with the GDPR’s complex and far ranging requirements is rapidly approaching. As your organization races to implement its compliance program before the May 25, 2018 effective date, questions and concerns are likely to arise. While there is no shortage of online guidance on the GDPR, finding answers to your specific questions … Continue Reading
Last week, the New York State Department of Financial Services (“DFS”) issued a press release to remind covered entities of an upcoming deadline under the DFS cybersecurity regulations. The next deadline under the regulations is February 15, 2018 – by that date, any covered entities (hopefully, you know who you are) must submit a statement … Continue Reading
U.S. Customs searches have become increasingly invasive over the years. Pursuant to Department of Homeland Security (DHS) policy, U.S. Customs and Border Protection (CBP) operates under the “broad search exception”, which allows searches and seizures at international borders or an equivalent (e.g. international airports) without probable cause or a warrant. CBP’s searches are deemed “reasonable” … Continue Reading
This Sunday, January 28, is Data Privacy Day, which Congress recognized on Jan. 27, 2014, when it adopted S. Res. 337, supporting the designation. As noted by the National Cyber Security Alliance, Data Privacy Day began in the United States and Canada in January 2008, an extension of the Data Protection Day celebration in Europe. Don’t … Continue Reading
Only two states in the United States lack data breach notification statutes, but that may change in 2018. If legislation pending in South Dakota passes, Alabama would be the only state without a data breach notification law. South Dakota Senate Bill No. 62 would create a breach notification requirement for any person or business conducting … Continue Reading
The United Kingdom High Court recently issued a landmark liability judgment against the supermarket, Morrisons, following a data breach caused by a rogue employee (Various Claimants v. WM Morrisons Supermarket [2017] EWHC3113 (QB]). Similar results have been reached in the U.S., but this is the first time the UK Court has addressed the issue of whether … Continue Reading
Physician practices and other health care providers respond to numerous requests for confidential patient information from patients and others. Mistakes made by employees fulfilling such requests for medical records or making similar disclosures can expose the practice to civil litigation. A recent decision by the Connecticut Supreme Court (Byrne v. Avery Center for Obstetrics and … Continue Reading
Citing to estimates in 2017 “more than 5.3 million North Carolinians were … affected by a data breach,” Attorney General Josh Stein and Rep. Jason Saine announced on January 8 proposed legislation aimed at protecting state residents from becoming victims of identity theft. To do so, the “Act to Strengthen Identity Theft Protections” (see fact … Continue Reading
With the continuing parade of high profile data security breaches, the concern U.S. organizations have about the security of their systems and data has been steadily growing. And rightly so. Almost every organization processes (collects, uses, stores, or transmits) individually identifiable data. Much of this data is personal data, including employee data, which brings heightened … Continue Reading
If you’ve been following the headlines, you know that a day doesn’t pass without a reference to the “GDPR”. On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) will take effect, marking the most significant change to European data privacy and security in over 20 years. Most multinational companies, and of … Continue Reading
Primarily motivated by several recent massive data breaches, Senate Democrats recently introduced a bill geared toward protecting Americans’ personal information against cyber attacks and to ensure timely notification and protection when data is breached. The Consumer Privacy Protection Act of 2017 provides that companies that collect and hold data on at least 10,000 Americans would … Continue Reading
A recent report indicates that nearly 500,000 individual health records were breached in September 2017. This figure is taken from the 39 healthcare data breaches involving more than 500 records that were reported to the Department of Health and Human Services’ Office for Civil Rights in September 2017. Healthcare providers suffered the most breaches with … Continue Reading
The flood of massive data breaches – including, most recently, the Equifax breach that compromised the personal data of around 145 million U.S. consumers – has increased the pressure on Congress to pass sweeping federal data security and breach reporting legislation. While it’s difficult to project whether such legislation will be enacted in the near … Continue Reading
A coalition of the Information Technology Industry Council, the Semiconductor Industry Association, the U.S. Chamber of Commerce Technology Engagement Center, Intel, and Samsung, recently released a report that puts out a call for the creation and implementation of a national strategy to invest, innovate and accelerate development and deployment of the Internet of Things (“IoT”). … Continue Reading
We are proud to once again announce that the Workplace Privacy Report has been nominated for The Expert Institute’s Best Legal Blog Competition. From a field of thousands of nominees, the Workplace Privacy Report has received enough nominations to join one of the largest competitions for legal blog writing online today. If you enjoy the Workplace … Continue Reading
New York State Governor Andrew Cuomo and the New York State Department of Financial Services (“DFS”) have been busy on the cybersecurity front. In a press release on September 18, 2017, building upon the state’s pride in its “first-in-the-nation” cybersecurity regulations that were passed earlier this year, (which we previously discussed on our blog and … Continue Reading
Laptop-maker Lenovo (United States), Inc. agreed to a no-fault settlement with the Federal Trade Commission and 32 states over allegations that it installed ad software that compromised customers’ web security and invaded users’ privacy. As part of the Consent Order, Lenovo agreed that it would: Not misrepresent any feature of installed software related to consumer … Continue Reading
After hearing a lot lately about big companies suffering data breaches, it is important to remember that, according to inc.com, half of all cyberattacks target small to mid-sized businesses (SMBs). Based on a 2016 State of SMB Cybersecurity Report, CNBC reported that in the prior 12 months half of all SMBs in the U.S. had been hacked. … Continue Reading
The deadline to comply with the first set of requirements under the new DFS Cybersecurity Regulations (“the Regulations”) is here! By today, August 28, 2017, businesses subject to the Regulations must ensure that they: Designate a Chief Information Security Officer (“CISO”) Establish a Cybersecurity Program Develop a Written Cybersecurity Policy. We have prepared an article … Continue Reading
