Leaders charged with safeguarding data privacy and cybersecurity often assume that size equates to security—that large, well-resourced organizations must have airtight defenses against cyberattacks and data breaches. It’s a natural assumption: mature enterprises tend to have robust policies, advanced technology, and deep security teams. Yet, as recent events remind us, even the biggest organizations can
CCPA Compliance Reminder: Annual Update Requirement for Online Privacy Policies
For businesses subject to the California Consumer Privacy Act (CCPA), a compliance step often overlooked is the requirement to annually update the businesses online privacy policy. Under Cal. Civ. Code § 1798.130(a)(5), CCPA-covered businesses must among other things update their online privacy policies at least once every 12 months. Note that CCPA regulations establish
DOL Expands Fiduciary Obligations for Cybersecurity to Health and Welfare Plans
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data.
Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release
Should Companies Terminate Third Party Vendors That Cause a Data Breach?
According to reports, bank customers in Australia (yes, data breach notification requirements exist down under) have been affected by “an industry-wide” data breach experienced by a third-party service provider to the banks – property valuation firm, LandMark White. As expected, the banks are investigating and in some cases notifying customers about the incident. However,
Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012
Massachusetts service provider contract deadline – March 1, 2012 – should be a reminder to revisit all contracts with third party vendors to ensure they require the vendor to safeguard personal information.
Continue Reading Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012
The Final, Final Massachusetts Data Security Regulations and a Checklist for Compliance
The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) announced on November 4, 2009, the filing of final regulations (pdf) with the Secretary of State’s office, the final step before the regulations take effect March 1, 2010.
The final regulations differ slightly from the version of the regulations issued in August 2009, which made significant