The Consumer Financial Protection Bureau (the “CFPB”) recently announced that it will hold its first Tech Sprint to reduce regulatory burden and improve consumer understanding of financial services. The CFPB describes its Tech Sprints as a model that:… Continue Reading
The U.S National Institute of Standards and Technology (“NIST”) recently published its “Zero Trust Architecture,” which outlines a road map for cybersecurity measures across an organization. NIST explained that the security concept was created with the purpose of “mov[ing] defenses from static, network-based perimeters to focus on users, assets, and resources.” “Zero trust” is a … Continue Reading
What even might actually manage to have more geeks than Comic-Con? PrivacyCon! Ok, probably not, but on July 21, 2020 the FTC hosted their fifth annual PrivacyCon event, and for the first time it was entirely online. This event is designed to provide researched information on various important privacy topics. The FTC curates the event … Continue Reading
As predicted in our February 4, 2020 blog post, the New York Department of Financial Services (“DFS”) has filed its first formal charges for violation of the state’s cybersecurity regulation. The charges were filed against an insurance company for allegedly violating several provisions of Part 500 of Title 23 of the New York Codes, Rules, … Continue Reading
The advocacy group, Californians for Consumer Privacy, is going to court in an effort to ensure that California residents have the ability to vote on the proposed California Privacy Rights Act (“CPRA”) in a referendum in November.… Continue Reading
The impact of the COVID-19 outbreak continues to expand, as the New York Department of Financial Services (“NYDFS”) has extended the deadlines for Certification of Compliance for the Cybersecurity Regulation (23 NYCRR Part 500). A statement on NYDFS’ website explicitly notes that this change is solely a result of “the outbreak of COVID-19.” Accordingly, all … Continue Reading
On April 30, 2020, four Republican Senators[1],including the Chairman of the U.S. Senate Committee on Commerce, Science & Transportation, announced that they intend to introduce federal privacy legislation to regulate the collection and use of personal information in connection with the Coronavirus pandemic. According to the Senators’ press release, the COVID-19 Consumer Data Protection Act (the … Continue Reading
The current COVID-19 pandemic raises some significant issues and risks relating to cybersecurity and data privacy in the US that should be considered carefully and addressed appropriately. Concerns range from cybercriminals targeting a newly-remote workforce with clever phishing scams that prey on the environment of uncertainty, to worries that the crisis will give cover to … Continue Reading
The Illinois Biometric Information Privacy Act (“BIPA”) went into effect in 2008 and has been a steady source of litigation ever since. This post summarizes the obligations BIPA imposes, the current state of BIPA litigation, and what steps businesses can take to reduce litigation risks. What is BIPA? The stated intent of BIPA was to … Continue Reading
This spring, New York’s cybersecurity landscape shifts dramatically as certain provisions of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) take effect. The SHIELD Act, 2019 N.Y. Ch. 117, which was signed into law by Governor Cuomo on July 25, 2019, modifies existing data breach law to expand the definition of … Continue Reading
The NY Department of Financial Services Cybersecurity Regulation, 23 N.Y. Comp. Code R. & Regs. § 500, provides for the protection of customer information and information technology systems of Covered Entities, in recognition of the “ever growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors.” The Cybersecurity Regulation … Continue Reading
In just a few short weeks (January 1, 2020), the California Consumer Privacy Act (CCPA) will impose burdensome GDPR-like transparency and individual rights requirements on almost every company that handles “personal information” regarding California residents, including employees. Is your organization ready? We have prepared a number of client alerts and blog posts to help you … Continue Reading
Partner Elliot Golding joins the Daon Podcast Series, to share his expertise on the coming impact of the California Consumer Privacy Act (CCPA) and what companies should know before it takes effect on January 1st, 2020. A recording of the episode is available here.… Continue Reading
The California Consumer Privacy Act (CCPA) takes effect on January 1, 2020. The California legislature passed a number of amendments on September 13, 2019, that alter the law in important ways. These amendments are now being reviewed by the governor and will be finalized by October 13, 2019. Join our webinar just a few days later, … Continue Reading
This is Squire Patton Boggs’ Data Privacy and Cybersecurity Group’s second post regarding the recent amendments to the California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020. Our earlier post covering the CCPA amendment requiring data brokers to register with the California Attorney General, is available here. Please also read our prior posts … Continue Reading
The California legislature made several amendments to the California Consumer Privacy Act (“CCPA”) last Friday, September 13, 2019. This post focuses on the enactment of Assembly Bill No. 1202, which requires certain businesses that sell consumers’ personal information, as defined under the CCPA, to register as data brokers with the California Attorney General. For more … Continue Reading
With the CCPA’s January 1, 2020 compliance date rapidly approaching, organizations subject to the California Consumer Privacy Act (“CCPA”) should conduct a gap assessment to determine what they need to accomplish in the next three months. Our second client alert in our California Consumer Privacy Act Series – Part 2: Gap Assessments provides further insight … Continue Reading
As explained in a recent post published on Squire Patton Bogg’s Anticorruption Blog, the DOJ is pursuing providers who submit false claims under the electronic health records initiative. This enforcement action should serve as a reminder to examine carefully attestations of EHR compliance, including the requirement to complete a HIPAA-required security risk assessment.… Continue Reading
Last year, the California legislature enacted the California Consumer Privacy Act (the “CCPA”), which imposes key data privacy requirements on businesses collecting or storing data about California residents. The CCPA provides for civil penalties imposed by the California Attorney General (“AG”) and creates a private right of action for those residents impacted by a data … Continue Reading
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) will impose burdensome GDPR-like transparency and individual rights requirements on almost every company that handles “personal information” regarding California residents, regardless of where the business is based. The Act will impact information regarding not only consumers, but also employees and business contacts. Join us for … Continue Reading
From the continual evolution of the California Consumer Protection Act (CCPA) to the potential ramifications of a Brexit “no-deal” on data transfers, 2019 may be a defining point in data privacy and cybersecurity. Nowhere is this increased attention more pronounced than the growing support for US federal data privacy legislation. … Continue Reading
The Illinois Supreme Court’s recent broad interpretation of the pioneering Illinois Biometric Identity Protection Act justifies close attention to legislative and regulatory developments regarding collection and protection of biometric identifier data. Our previous report of this decision may be found here. Two other states, Texas and Washington, already have biometric identifier privacy laws in place, … Continue Reading
On January 25, 2019, the Illinois Supreme Court ruled that a consumer need not demonstrate an adverse effect or specific harm, such as evidence that personal information was stolen or misused, to have standing to sue under the state’s Biometric Identity Protection Act (BIPA). The court held that a procedural violation of the law itself … Continue Reading
Cybersecurity awareness recently took center stage in the healthcare industry when the Department of Health and Human Services (HHS) issued comprehensive risk-prioritized cybersecurity best practices to combat top threats. HHS mapped this guidance to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, cross-referencing 88 individual sub-practices for healthcare organizations of all sizes. The … Continue Reading
