Privacy, Data and CybersecurityBlog Posts
City of Baltimore May Criminalize the Use of Facial Recognition Technologies by BusinessesThe Baltimore City Council recently passed an ordinance, in a vote of 13-2, barring the use of facial recognition technology by city residents, businesses, and most of the city government (excluding the city police department) until December 2022. Council Bill 21-0001 prohibits persons from “obtaining, retaining, accessing, or using certain face surveillance technology or any...… Continue ReadingJune 21, 2021 |
Musings of Retirement Plan Fiduciaries on Cybersecurity: Episode OneBy now, plan fiduciaries and their service providers likely have heard about the DOL’s cybersecurity guidance. The Department of Labor’s stepping into cybersecurity in this way – a posting of best practices on the agency’s website – has left plan fiduciaries with some questions. Here are a few: “When is this effective?” “Does this apply...… Continue ReadingJune 15, 2021 |
Texas Joins Other States with New Texas Data Breach Notification Requirement: Is This a New Trend?The Texas Legislature, which meets every other year, pushed a changed to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law. It follows a growing trend of changes to privacy and cybersecurity laws at the state level. Texas House Bill...… Continue ReadingJune 15, 2021 |
Connecticut on its Way to an Enhanced Data Breach Notification LawState legislatures across the nation are prioritizing privacy and security matters, and Connecticut is no exception. This week, Connecticut Attorney General William Tong announced the passage of An Act Concerning Data Privacy Breaches, a measure that will enhance and strengthen Connecticut’s data breach notification law. The Connecticut House of Representatives unanimously approved the bill on...… Continue ReadingJune 9, 2021 |
Supreme Court Adopts Narrow Interpretation of Computer Fraud and Abuse ActIn a landmark decision, the U.S. Supreme Court has ruled that the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 et seq., does not prohibit improper use of computer information to which an individual has authorized access. Rather, the law prohibits obtaining information from areas of a computer, such as files, folders, or...… Continue ReadingJune 9, 2021 |
NY Attorney General Announces Settlement After Website Data BreachIn late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of over 300,000 consumers across the U.S., including nearly 17,000 in New York state. The settlement also requires the online retailer to strengthen...… Continue ReadingJune 8, 2021 |
The New EU Standard Contractual ClausesThe EU Commission is expected to adopt the long awaited updated Standard Contractual Clauses (“SCCs”) on June 4, 2021. In the wake of the Schrems II decision invalidating the EU-U.S. Privacy Shield, the SCCs have played an increased role as an appropriate safeguard for transferring personal data from the European Economic Area to recipients in...… Continue ReadingJune 4, 2021 |
Long-Term Care Facilities Must Educate, Offer, and Report on COVID-19 Vaccinations for Residents and Staff, According to CMS Interim RuleOn May 11, 2021, the Centers for Medicare & Medicaid Services (CMS) of the U.S. Department of Health & Human Services published an interim final rule/guidance to establish COVID-19 vaccination requirements for Long-Term Care (LTC) facilities. The requirements are applicable to both residents and staff. LTC facilities have already been managing COVID-19 vaccination requirements both...… Continue ReadingMay 27, 2021 |
Is New York Next? A Comprehensive Consumer Privacy Bill ReintroducedOn May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), and Virginia’s Consumer Data Protection Act (“CDPA”). The NYPA had been introduced in a previous...… Continue ReadingMay 26, 2021 |
Don’t be Fooled by the CPRA Effective Date, Employers Have Current Obligations Under the CCPAThe passage of Prop 24, the California Privacy Rights Act of 2020 (“CPRA”), has caused a bit of confusion among businesses in California. The confusion stems from the fact that the CPRA has an effective date of January 1, 2023, amending the existing California Consumer Privacy Act (CCPA) when it takes effect, but also immediately...… Continue ReadingMay 21, 2021 |