Over the past several years, if your organization experienced a cyberattack, such as ransomware or a diversion of funds due to a business email compromise (BEC), and you had cyber insurance, you likely were very thankful. However, if you are renewing that policy (or in the cyber insurance market for the first time), you are
CCPA at the Two-Year Mark
The CCPA has reached the two-year mark. This is a good time for businesses to review the success of their compliance programs, recalibrate for the CCPA’s third year, and gear up for the CPRA’s January 1, 2023 effective date.
Here are a few suggestions:
- Privacy Policies. The CCPA requires a business to update the
Colorado Becomes Third State To Enact a Comprehensive Privacy Law
Colorado is officially the third U.S. state to enact comprehensive privacy legislation, following California and Virginia. The Colorado General Assembly passed the Colorado Privacy Act (CPA), Senate Bill 21-109, on June 8, 2021, and Governor Jared Polis signed it into law on July 7, 2021.
The Colorado Privacy Act takes effect July 1,
Don’t be Fooled by the CPRA Effective Date, Employers Have Current Obligations Under the CCPA
The passage of Prop 24, the California Privacy Rights Act of 2020 (“CPRA”), has caused a bit of confusion among businesses in California. The confusion stems from the fact that the CPRA has an effective date of January 1, 2023, amending the existing California Consumer Privacy Act (CCPA) when it takes effect, but also immediately
Data Protection and the Role of Vendor Management
The SolarWinds hack highlights the critical need for organizations of all sizes to include cyber supply chain risk management as part of their information security program. It is also a reminder that privacy and security risks to an organization’s data can come from various vectors, including third party vendors and services providers. By way of
CPRA Series: The CPRA and Risk Assessments
The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that businesses conduct risk assessments. While many U.S. companies currently conduct risk assessments for compliance with state “reasonable safeguards” statutes (e.g., Florida, Texas
Colorado Introduces a Comprehensive Consumer Privacy Bill
Colorado recently became the latest state to consider a comprehensive consumer privacy law. On March 19, 2021, Colorado State Senators Rodriguez and Lundeen introduced SB 21-190, entitled “an Act Concerning additional protection of data relating to personal privacy”. Following California’s bold example of the California Consumer Privacy Act (“CCPA”) effective since January 2020, Virginia
New York Considering Dramatic Expansion of Consumer Privacy Rights
In 2018, the California Consumer Privacy Act (“CCPA”), which provides for an expansive array of privacy rights and obligations, was enacted. At the time, it was reasonable to wonder whether California’s bold example would catalyze similar activity in other states. It’s clear now that it has. Virginia recently passed its own robust privacy law,
AG Becerra Announces Approval of Additional CCPA Regulations
Here we go again! On March 15th, 2021, the California Department of Justice (“Department”) announced approval of modifications to the California Consumer Privacy Act’s (CCPA) regulations, originally introduced in December of 2020. The new regulations mainly modify provisions related to a consumer’s right to opt out of sale of their personal information, with
Virginia Becomes 2nd State to Enact a Comprehensive Consumer Privacy Law
On Tuesday, March 2nd, Virginia Governor Ralph Northam signed into law the Consumer Data Protection Act (CDPA), officially joining California as the second state with a comprehensive consumer privacy law, intended to enhance privacy rights and consumer protection for state residents. We provide an in-depth analysis of the CDPA here, along with