When Colorado enacted the Colorado Privacy Act (CPA), it included “biometric data that may be processed for the purpose of uniquely identifying an individual.” However, the CPA as originally drafted did not cover the personal data of individuals acting in a commercial or employment context. Last week, Colorado amended the CPA to broaden the protections

“Cybersecurity” has emerged as one of top risks facing organizations. Considering the steady stream of massive data breaches affecting millions (sometimes billions), the debilitating effects of ransomware on an organization’s information systems, the intrigue of international threat actors, and the mobilization and collaboration of national law enforcement to thwart these attacks, it’s no wonder. Notions

As organizations continue to take steps to prevent cyberattacks, a near-universal recommendation is that they should implement multi-factor authentication (MFA), and for good reason. Organizations subject to the updated FTC Safeguards Rule, for example, are required to implement MFA. The Cybersecurity & Infrastructure Security Agency (CISA) includes MFA as a best practice. And

The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of all data breaches between 2015 and 2022 were in the healthcare sector, “almost double the number recorded in the financial and manufacturing sectors.” Industry analysts cite to many reasons for this, including the sensitivity

Happy Data Privacy Day from the Jackson Lewis Privacy, Data and Cybersecurity Team!

In Honor of National Privacy Day, we are focused on what is sure to be one of the hottest issues of 2019 and present our FAQs for employers on the California Consumer Privacy Act (CCPA).

As you know, data privacy and security

Earlier today, the Illinois Supreme Court handed down a significant decision concerning the ability of individuals to bring suit under the Illinois Biometric Information Privacy Act (BIPA). In short, individuals need not allege actual injury or adverse effect, beyond a violation of his/her rights under BIPA, in order to qualify as an “aggrieved” person and

On September 23, 2018, Governor Jerry Brown signed into law SB-1121 amending certain provisions of the California Consumer Privacy Act of 2018 (CCPA) which was enacted in June of this year. As we reported previously, CCPA will apply to any entity that does business in the State of California and satisfies one or more

On April 17th, the National Institute of Standards and Technology (“NIST”), a component of the U.S. Commerce Department, released Version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework Version 1.1”), which incorporates feedback from NIST-led workshops, public comments, and questions received by NIST team members over the last two

The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to access his former