US

Subscribe to US RSS Feed

Washington and Oklahoma Privacy Bills Have Officially Died; Florida’s Privacy Bill is Significantly Amended

As the trend of state laws granting more privacy and greater control over personal information continues in the US, the fate of privacy bills in Washington State, Oklahoma and Florida serve as a reminder that as with any other issue, political compromise is still a necessity in order for legislation to progress. This is an … Continue Reading

DFS Enters Into $1.5 Million Consent Order With Residential Mortgage Company In Wake of Data Breach

Correction to the original article: First American Title Insurance Company is not associated or involved with the March 3, 2021 consent decree between Residential Mortgage and New York Department of Financial Services. In early March, the New York State Department of Financial Services (“DFS”) entered into a consent order requiring Residential Mortgage Company to pay … Continue Reading

Florida is the Latest State to Consider Comprehensive Data Privacy Legislation

The Florida state legislature is considering a sweeping data privacy bill introduced by Governor Ron DeSantis in February.  House Bill 969 is the latest state provision to follow in the footsteps of the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act and the Virginia Consumer Data Protection Act, in giving consumers greater control … Continue Reading

Consumers’ “Right to Delete” under US State Privacy Laws

Among the challenges presented by the increasing number of state privacy laws are identifying how consumer rights differ under each of the various laws and operationalizing a workflow for responding to rights requests that ensures compliance with each.  In this post, we will focus on consumers’ “right to delete” under the California Consumer Privacy Act … Continue Reading

Virginia Governor Signs Virginia Consumer Data Protection Act

As expected, today Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (the “Act”) into law, though the Act will not go into effect until January 1, 2023.  As a result, Virginia becomes the second state in the United States to enact a data privacy law that purports to regulate the collection, use, … Continue Reading

Virginia Set to Become Second State to Enact Holistic Data Privacy Law

This article originally published on February 23, 2021, by the American Bar Association, and is republished here with permission. For more information visit www.americanbar.org.    The article expands on our original report on the Virginia Consumer Data Protection Act published on February 2, 2021. In the coming days, Governor Ralph Northam is expected to sign … Continue Reading

Off to the Races: Over 50 Privacy Bills Introduced in the State of New York

The on-going state competition to enact comprehensive privacy legislation, triggered by the enactment of the 2018 California Consumer Privacy Act, is heating up in 2021. We recently wrote a post on the recent Virginia developments, but the Commonwealth of Virginia is not alone. New York was closely watched in privacy circles last year, as approximately … Continue Reading

The Biden Presidency: What’s in Store for Data Privacy and Data Privacy Litigation

The United States is in the process of completing its 59th presidential election and electing its 46th president.  A change in administrations is inevitably accompanied by a change in executive priorities.  Assuming that Vice President Biden is sworn in as President on January 20, 2021, the area of data privacy will likely be of particular … Continue Reading

CFPB to Hold First Tech Sprint

The Consumer Financial Protection Bureau (the “CFPB”) recently announced that it will hold its first Tech Sprint to reduce regulatory burden and improve consumer understanding of financial services.  The CFPB describes its Tech Sprints as a model that:… Continue Reading

NIST Releases Zero Trust Architecture

The U.S National Institute of Standards and Technology (“NIST”) recently published its “Zero Trust Architecture,” which outlines a road map for cybersecurity measures across an organization.  NIST explained that the security concept was created with the purpose of “mov[ing] defenses from static, network-based perimeters to focus on users, assets, and resources.”  “Zero trust” is a … Continue Reading

Key Takeaways from the FTC’s PrivacyCon

What even might actually manage to have more geeks than Comic-Con? PrivacyCon! Ok, probably not, but on July 21, 2020 the FTC hosted their fifth annual PrivacyCon event, and for the first time it was entirely online. This event is designed to provide researched information on various important privacy topics. The FTC curates the event … Continue Reading

NYDFS Files Formal Charges Against Insurance Company for Violations of New York’s Cybersecurity Regulation

As predicted in our February 4, 2020 blog post, the New York Department of Financial Services (“DFS”) has filed its first formal charges for violation of the state’s cybersecurity regulation. The charges were filed against an insurance company for allegedly violating several provisions of Part 500 of Title 23 of the New York Codes, Rules, … Continue Reading

NYDFS Cybersecurity Certification Deadline Extended to June 1, 2020

The impact of the COVID-19 outbreak continues to expand, as the New York Department of Financial Services (“NYDFS”) has extended the deadlines for Certification of Compliance for the Cybersecurity Regulation (23 NYCRR Part 500).  A statement on NYDFS’ website explicitly notes that this change is solely a result of “the outbreak of COVID-19.”  Accordingly, all … Continue Reading

Senate to Introduce “COVID-19 Consumer Data Protection Act”

On April 30, 2020, four Republican Senators[1],including the Chairman of the U.S. Senate Committee on Commerce, Science & Transportation, announced that they intend to introduce federal privacy legislation to regulate the collection and use of personal information in connection with the Coronavirus pandemic.  According to the Senators’ press release, the COVID-19 Consumer Data Protection Act (the … Continue Reading

Business in the time of COVID-19: US Cybersecurity and Privacy Issues for You to Consider

The current COVID-19 pandemic raises some significant issues and risks relating to cybersecurity and data privacy in the US that should be considered carefully and addressed appropriately. Concerns range from cybercriminals targeting a newly-remote workforce with clever phishing scams that prey on the environment of uncertainty, to worries that the crisis will give cover to … Continue Reading

The Illinois Biometric Information Privacy Act (“BIPA”): When Will Companies Heed the Warning Signs?

The Illinois Biometric Information Privacy Act (“BIPA”) went into effect in 2008 and has been a steady source of litigation ever since. This post summarizes the obligations BIPA imposes, the current state of BIPA litigation, and what steps businesses can take to reduce litigation risks. What is BIPA? The stated intent of BIPA was to … Continue Reading

New York Cybersecurity Upgrades: Are You Ready?

This spring, New York’s cybersecurity landscape shifts dramatically as certain provisions of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) take effect.  The SHIELD Act, 2019 N.Y. Ch. 117, which was signed into law by Governor Cuomo on July 25, 2019, modifies existing data breach law to expand the definition of … Continue Reading

Enforcement of the NYDFS Cybersecurity Regulation Coming in the Near Future

The NY Department of Financial Services Cybersecurity Regulation, 23 N.Y. Comp. Code R. & Regs. § 500, provides for the protection of customer information and information technology systems of Covered Entities, in recognition of the “ever growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors.” The Cybersecurity Regulation … Continue Reading

CCPA Coming Soon… Is Your Organization Ready?

In just a few short weeks (January 1, 2020), the California Consumer Privacy Act (CCPA) will impose burdensome GDPR-like transparency and individual rights requirements on almost every company that handles “personal information” regarding California residents, including employees.  Is your organization ready? We have prepared a number of client alerts and blog posts to help you … Continue Reading
LexBlog