The Baltimore City Council recently passed an ordinance, in a vote of 13-2, barring the use of facial recognition technology by city residents, businesses, and most of the city government (excluding the city police department) until December 2022. Council Bill 21-0001 prohibits persons from “obtaining, retaining, accessing, or using certain face surveillance technology or any
Musings of Retirement Plan Fiduciaries on Cybersecurity: Episode One
By now, plan fiduciaries and their service providers likely have heard about the DOL’s cybersecurity guidance. The Department of Labor’s stepping into cybersecurity in this way – a posting of best practices on the agency’s website – has left plan fiduciaries with some questions. Here are a few:
- “When is this effective?”
- “Does this
Texas Joins Other States with New Texas Data Breach Notification Requirement: Is This a New Trend?
The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law. It follows a growing trend of changes to privacy and cybersecurity laws at the state level.
Texas House Bill
Connecticut on its Way to an Enhanced Data Breach Notification Law
UPDATE: On June 16, Gov. Ned Lamont signed HB 5310 into law which becomes effective October 1, 2021.
State legislatures across the nation are prioritizing privacy and security matters, and Connecticut is no exception. This week, Connecticut Attorney General William Tong announced the passage of An Act Concerning Data Privacy Breaches, a measure that
Supreme Court Adopts Narrow Interpretation of Computer Fraud and Abuse Act
In a landmark decision, the U.S. Supreme Court has ruled that the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 et seq., does not prohibit improper use of computer information to which an individual has authorized access. Rather, the law prohibits obtaining information from areas of a computer, such as files, folders,
NY Attorney General Announces Settlement After Website Data Breach
In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of over 300,000 consumers across the U.S., including nearly 17,000 in New York state. The settlement also requires the online retailer to strengthen
Long-Term Care Facilities Must Educate, Offer, and Report on COVID-19 Vaccinations for Residents and Staff, According to CMS Interim Rule
On May 11, 2021, the Centers for Medicare & Medicaid Services (CMS) of the U.S. Department of Health & Human Services published an interim final rule/guidance to establish COVID-19 vaccination requirements for Long-Term Care (LTC) facilities. The requirements are applicable to both residents and staff. LTC facilities have already been managing COVID-19 vaccination requirements both
Is New York Next? A Comprehensive Consumer Privacy Bill Reintroduced
On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), and Virginia’s Consumer Data Protection Act (“CDPA”). The NYPA had been
Biden Administration Issues Cybersecurity Executive Order Following Colonial Pipeline Cyberattack
On May 12, 2021, the Biden Administration issued an Executive Order on “Improving the Nation’s Cybersecurity” (EO). The EO was in the works prior to the Colonial Pipeline cyberattack, reportedly a ransomware incident that snarled the flow of gas on the east coast for days. Ransomware attacks are nothing new, but they are increasing in
COVID-19 Vaccine Passport Programs: Privacy and Security Considerations
As access to COVID-19 vaccines becomes more prevalent, and we begin to conceptualize what a post-pandemic world might look like, many governments are assessing the idea of a COVID-19 vaccine passport framework. In late March, the European Commission announced its plan for a COVID-19 Digital Green Certificate framework (“the framework”) to facilitate “safe free movement