Search

Search form

Congress Releases Draft Federal Privacy Law with Potential Traction To Pass

The federal government has been trying to reach a consensus on data privacy and thus far has failed to pass legislation. On June 3, 2022, a bipartisan draft bill, titled the American Data Privacy and Protection Act was released by the Committee on Energy and Commerce. The bill intends to provide comprehensive data privacy legislation,...
June 21, 2022

CPPA Votes to Proceed with CPRA Rulemaking

At the California Privacy Protection Agency (CPPA) Board meeting on June 8, 2022, the board voted to begin the rulemaking process. The Board previously released a 66-page draft of regulations, that are intended to implement and interpret the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). While the draft redline...
June 9, 2022

California Privacy Protection Agency Board Takes Steps Toward First Official Rulemaking

On June 8, 2022, the California Privacy Protection Agency (CPPA) Board, will meet to discuss and take potential action regarding a draft of its proposed regulations. The June 8th public meeting includes an agenda item where the CPPA Board will consider “possible action regarding proposed regulations … including possible notice of proposed action.” In advance...
June 1, 2022

North Carolina Prohibits Public Sector Entities from Paying Ransom in a Ransomware Cyberattack

Organizations attacked with ransomware have a bevy of decisions to make, very quickly! One of those decisions is whether to pay the ransom. Earlier this year, I had the honor of contributing to a two-part series, entitled Ransomware: To pay or not to pay? (Part 1 and Part 2). Joined by Danielle Gardiner, CPA, CFF,...
May 25, 2022

Indiana Tightens the State’s Deadline for Providing Notification of a Data Breach

States continue to tinker with their breach notification laws. The latest modification to the Indiana statute relates to the timing of notification. On March 18, 2022, Indiana Governor Eric Holcomb, signed HB 1351 which tightens the rules for providing timely notice to individuals affected by a data breach. Prior to the change, the relevant section...
May 24, 2022

FTC Blog: “The FTC Act creates a de facto breach disclosure requirement”

On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection published a blog post entitled, “Security Beyond Prevention: The Importance of Effective Breach Disclosures.” In the post, the FTC takes the position that in some cases there may be a de facto data breach notification requirement, despite...
May 23, 2022

Connecticut Likely to Become Fifth State to Enact Comprehensive Consumer Privacy Law

When the California Consumer Privacy Act of 2018 (CCPA) became law, it was only a matter of time before other states adopted their own statutes intending to enhance privacy rights and consumer protection for their residents. After overwhelming support in the state legislature, Connecticut is about to become the fifth state with a comprehensive privacy...
May 4, 2022

Draft Regulations in California Would Curb Use of AI, Automated Decision Systems in Employment

“The EEOC is keenly aware that [artificial intelligence and algorithmic decision-making] tools may mask and perpetuate bias or create new discriminatory barriers to jobs. We must work to ensure that these new technologies do not become a high-tech pathway to discrimination.” Statement from EEOC Chair Charlotte A. Burrows in late October 2021 announcing the employment agency’s...
April 11, 2022

“Get a Life” – Another Dentist Responds to Patient’s Online Review, This Time Faces a $50,000 OCR Penalty

It can be cathartic responding to a negative online review. It can also backfire, as can failing to cooperate with an OCR investigation as required under HIPAA. The Office for Civil Rights (OCR) recently announced four enforcement actions, one against a small dental practice that imposed a $50,000 civil monetary penalty under HIPAA. The OCR...
March 29, 2022

The EU Data Act and Its Effects on the Data Economy

On February 23, 2022, the EU Commission published a Proposal for a Regulation on harmonized rules on the access to and use of data as part of its strategy for making the EU a leader in the data-driven society. The “Data Act” addresses the access, use and porting of “industrial data” generated in the EU...
March 29, 2022

Pages