The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law. It follows a growing trend of changes to privacy and cybersecurity laws at the state level. Texas House Bill … Continue Reading
UPDATE: On June 16, Gov. Ned Lamont signed HB 5310 into law which becomes effective October 1, 2021. State legislatures across the nation are prioritizing privacy and security matters, and Connecticut is no exception. This week, Connecticut Attorney General William Tong announced the passage of An Act Concerning Data Privacy Breaches, a measure that will … Continue Reading
In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of over 300,000 consumers across the U.S., including nearly 17,000 in New York state. The settlement also requires the online retailer to strengthen … Continue Reading
In a recent post, we highlighted the need for a privacy and cybersecurity training program, one not solely focused on spotting phishing attempts (although that is quite important as well). A primary reason, quite simply, is that employees continue to be a leading cause of data breaches. This fact was reaffirmed for the Wyoming Department … Continue Reading
In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons (defined below) facing a cause of action arising out of a breach of system security, and establishing the requirements for asserting such a defense. … Continue Reading
The 11th Circuit recently weighed in on the hottest issue in data breach litigation, whether a demonstration of actual harm is required to have standing to sue. Joining several other circuit courts, the 11th Circuit in Tsao v. Captiva MVP Rest. Partners, concluded that the plaintiff had failed to allege either that the data breach … Continue Reading
The California Privacy Rights Act (CPRA), passed in November, 2020, added to the California Consumer Privacy Act (CCPA) an express obligation for covered businesses to adopt reasonable security safeguards to protect personal information. The CPRA also clarified the CCPA’s private right of action for consumers whose personal information is breached due to a failure to implement … Continue Reading
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021. COVID-19 privacy and security considerations. During 2020, COVID-19 presented organizations large and small with new and unique data privacy and security … Continue Reading
One of the last things pension plan participants would want to learn as they get ready to celebrate the Christmas holiday is that personal data from their pension accounts may have been compromised. This is the case, unfortunately, for approximately 30,000 Now:Pensions customers whose names, postal and email addresses, birth dates and the equivalent of … Continue Reading
A proposal by Indiana’s Attorney General Curtis Hill on Wednesday would add a significant step in the incident response process for responding to breaches of security affecting Indiana residents. On Wednesday, during a U.S. Chamber of Commerce virtual event, he announced his proposed rule designed to better protect Hoosiers from cyberattacks. It is expected that … Continue Reading
Privacy and security continue to be at the forefront for legislatures across the nation, despite (or perhaps because of) the COVID-19 pandemic. In late May, with back-to-back amendments, Washington D.C. and Vermont significantly overhauled their data breach notification laws, including expansion of the definition of personal information, and heightened notice requirements. Now, Michigan may follow … Continue Reading
Roger Severino, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), provides advice for HIPAA covered health care providers: When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information According to OCR allegations, a … Continue Reading
With the California Consumer Privacy Act (CCPA) now in effect (January 1, 2020) and enforceable by California’s Attorney General (“AG”) (July 1, 2020), the AG has published Frequently Asked Questions (FAQs). Designed to aid consumers in exercising their rights under the CCPA, the FAQs also contain helpful reminders for businesses and service providers regarding their obligations … Continue Reading
Most companies continue to grapple with compliance with the California Consumer Privacy Act (“CCPA”), which went into effect in January. Companies have overhauled their privacy programs and policies and designed new systems to comply with the CCPA. Now, the privacy-right activist group that sponsored the CCPA – Californians for Consumer Privacy – is pushing for … Continue Reading
As the COVID-19 pandemic presses on, privacy and security matters continue to be at the forefront for federal and state legislature. We recently reported that Washington D.C. updated its data breach notification law. Now, the Vermont legislature also amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, … Continue Reading
In the midst of COVID-19 challenges, privacy and security matters continue to be at the forefront for federal and state legislature. In late March, the Washington D.C. (“D.C.”) legislature amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, updates to notification requirements and new credit monitoring obligations. … Continue Reading
In the US, many organizations anxiously awaiting assistance under the CARES Act are becoming the targets of cyberattackers looking to feed off of the massive relief being provided by the US treasury. Yesterday, the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre … Continue Reading
Earlier this month, California Attorney General (“AG”) Xavier Becerra sent a letter to several members of U.S. Congress, providing an update on the implementation of the newly effective California Consumer Privacy Act (CCPA), and urging Congress not to enact a federal law that would preempt the CCPA and other state consumer privacy measures. Instead, AG … Continue Reading
Over the past few months, businesses across the country have been focused on the California Consumer Privacy Act (CCPA) which dramatically expands privacy rights for California residents and provides a strong incentive for businesses to implement reasonable safeguards to protect personal information. That focus is turning back east as the Stop Hacks and Improve Electronic … Continue Reading
As announcements relaying the spread of Coronavirus (COVID-19) continue daily, governmental agencies at all levels are offering information and guidance, and businesses are scrambling to prepare and protect their employees and customers. As part of a larger group in my firm helping to synthesize all this information, there is an aspect of responding to COVID-19 … Continue Reading
As reported by Bloomberg Law, data breach class action litigation has begun under the California Consumer Privacy Act (CCPA). Filed in the Northern District of California, San Francisco Division, a putative class action lawsuit against Hanna Andersson, LLC and its ecommerce platform provider, Salesforce.com, alleges negligence and a failure to maintain reasonable safeguards, among other … Continue Reading
In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. Illinois Governor J.B. Pritzker recently signed into law an amendment to the Personal Information Protection Act (PIPA), SB 1624, effective January 1, 2020. PIPA will now require that most “data collectors,” which includes … Continue Reading
The Georgia Supreme Court may weigh in on the hot issue plaguing data breach class action litigation across the nation, must a data breach victim suffer actual financial loss to recover damages, or is the threat of future harm enough? On August 20, the Georgia Supreme Court heard arguments in a class action suit stemming … Continue Reading
A new school year is upon us and some students are already back at school. Upon their return, many students may experience new technologies and equipment rolled out by their schools districts, such as online education resources, district-provided equipment, etc. to enhance the education they provide and improve district administration. However, a recent report, “The State … Continue Reading
