Search

Search form

California State Senator Introduces a BIPA-like Law to Protect Biometric Information

Some members of the California legislature want their state to remain the leader for data privacy and cybersecurity regulation in the U.S. This includes protections for biometric information, similar to those under the Biometric Information Privacy Act in Illinois, 740 ILCS 14 et seq. (BIPA). State Senator Bob Wieckowski introduced SB 1189 on February 17, 2022, which...
February 23, 2022

$600,000 Reasons To Review Your SHIELD Act Compliance Program: NY Attorney General Announces Significant Settlement Stemming From Email Data Breach

On January 24, 2022, New York Attorney General Letitia James announced a $600,000 settlement agreement with EyeMed Vision Care, a vision benefits company, stemming from a 2020 data breach compromising the personal information of approximately 2.1 million individuals across the United States, including nearly 99,000 in New York State (the “Incident”). This settlement was the...
February 16, 2022

Massachusetts Legislature Evaluates Its Own Comprehensive Consumer Privacy Law

The Massachusetts Information Privacy and Security Act (MIPSA) continues to advance through the state legislative process, and is now before the full legislature. While the Act has several hurdles to clear before becoming law, its notable for two reasons. First, the comprehensive nature of the MIPSA exemplifies the direction state data protection laws are heading...
February 15, 2022

Massachusetts Privacy Bill Provides WISP Reminder, Safe Harbor for Punitive Damages

When Massachusetts issued its data security regulations in 2009 (Regulations), it led the way for states on data security. The Regulations became effective 12 years ago, almost to the day, March 1, 2010. The Bay State is now contemplating comprehensive privacy legislation, the Massachusetts Information Privacy and Security Act (MIPSA), similar to what has been...
February 14, 2022

SEC to Advisors and Funds – Adopt and Implement Cybersecurity Policies and Procedures

On February 9, the Securities and Exchange Commission (“SEC”) voted to propose rule 206(4)-9 under the Advisers Act and 38a-2 under the Investment Company Act (collectively, “Proposed Rule”). In general, the Proposed Rule would require all advisers and funds to adopt and implement cybersecurity policies and procedures containing several elements. While acknowledging spending on cybersecurity...
February 11, 2022

Jump in Facial and Voice Recognition Raises Privacy, Cybersecurity, Civil Liberty Concerns

Facial recognition, voiceprint, and other biometric-related technology are booming, and they continue to infiltrate different facets of everyday life. The technology brings countless potential benefits, as well as significant data privacy and cybersecurity risks. Whether it is facial recognition technology being used with COVID-19 screening tools and in law enforcement, continued use of fingerprint-based time...
February 4, 2022

Top 10 for 2022 – Happy Data Privacy Day!

In honor of Data Privacy Day, we provide the following “Top 10 for 2022.”  While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2022. State Consumer Privacy Law Developments On January 1, 2020, the CCPA ushered into the U.S. a range of new rights for consumers, including:...
January 28, 2022

Fraud, Data Breaches Continuing to Crush Federal and State Unemployment Benefit Departments, Pennsylvania’s Next?

Few want to get past the COVID-19 pandemic more than leaders of federal and state unemployment benefit departments. For the last 2 years they have been successfully targeted for fraud and data breaches, racking up billions in losses. Thousands of employees across the country, including yours truly, have had false claims submitted in their name....
January 24, 2022

California Consumer Privacy Act, California Privacy Rights Act FAQs for Covered Businesses

The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a consumer’s personal information and provides consumers new and expansive rights with respect to their personal information. Less than one...
January 19, 2022

The RIPTA Data Breach May Provide Valuable Lessons About Data Collection and Retention

Efforts to secure systems and data from a cyberattack often focus on measures such as multifactor authentication (MFA), endpoint monitoring solutions, antivirus protections, and role-based access management controls, and for good reason. But there is a basic principle of data protection that when applied across an organization can significantly reduce the impact of a data...
January 12, 2022

Pages