Search

Search form

City of Baltimore May Criminalize the Use of Facial Recognition Technologies by Businesses

The Baltimore City Council recently passed an ordinance, in a vote of 13-2, barring the use of facial recognition technology by city residents, businesses, and most of the city government (excluding the city police department) until December 2022.  Council Bill 21-0001  prohibits persons from “obtaining, retaining, accessing, or using certain face surveillance technology or any...… Continue Reading
June 21, 2021

Musings of Retirement Plan Fiduciaries on Cybersecurity: Episode One

By now, plan fiduciaries and their service providers likely have heard about the DOL’s cybersecurity guidance. The Department of Labor’s stepping into cybersecurity in this way – a posting of best practices on the agency’s website – has left plan fiduciaries with some questions. Here are a few: “When is this effective?” “Does this apply...… Continue Reading
June 15, 2021

Texas Joins Other States with New Texas Data Breach Notification Requirement: Is This a New Trend?

The Texas Legislature, which meets every other year, pushed a changed to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law.  It follows a growing trend of changes to privacy and cybersecurity laws at the state level. Texas House Bill...… Continue Reading
June 15, 2021

Connecticut on its Way to an Enhanced Data Breach Notification Law

State legislatures across the nation are prioritizing privacy and security matters, and Connecticut is no exception. This week, Connecticut Attorney General William Tong announced the passage of An Act Concerning Data Privacy Breaches, a measure that will enhance and strengthen Connecticut’s data breach notification law. The Connecticut House of Representatives unanimously approved the bill on...… Continue Reading
June 9, 2021

Supreme Court Adopts Narrow Interpretation of Computer Fraud and Abuse Act

In a landmark decision, the U.S. Supreme Court has ruled that the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 et seq., does not prohibit improper use of computer information to which an individual has authorized access. Rather, the law prohibits obtaining information from areas of a computer, such as files, folders, or...… Continue Reading
June 9, 2021

NY Attorney General Announces Settlement After Website Data Breach

In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of over 300,000 consumers across the U.S., including nearly 17,000 in New York state.  The settlement also requires the online retailer to strengthen...… Continue Reading
June 8, 2021

The New EU Standard Contractual Clauses

The EU Commission is expected to adopt the long awaited updated Standard Contractual Clauses (“SCCs”) on June 4, 2021. In the wake of the Schrems II decision invalidating the EU-U.S. Privacy Shield, the SCCs have played an increased role as an appropriate safeguard for transferring personal data from the European Economic Area to recipients in...… Continue Reading
June 4, 2021

Long-Term Care Facilities Must Educate, Offer, and Report on COVID-19 Vaccinations for Residents and Staff, According to CMS Interim Rule

On May 11, 2021, the Centers for Medicare & Medicaid Services (CMS) of the U.S. Department of Health & Human Services published an interim final rule/guidance to establish COVID-19 vaccination requirements for Long-Term Care (LTC) facilities. The requirements are applicable to both residents and staff. LTC facilities have already been managing COVID-19 vaccination requirements both...… Continue Reading
May 27, 2021

Is New York Next? A Comprehensive Consumer Privacy Bill Reintroduced

On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), and Virginia’s Consumer Data Protection Act (“CDPA”).  The NYPA had been introduced in a previous...… Continue Reading
May 26, 2021

Don’t be Fooled by the CPRA Effective Date, Employers Have Current Obligations Under the CCPA

The passage of Prop 24, the California Privacy Rights Act of 2020 (“CPRA”), has caused a bit of confusion among businesses in California.  The confusion stems from the fact that the CPRA has an effective date of January 1, 2023, amending the existing California Consumer Privacy Act (CCPA) when it takes effect, but also immediately...… Continue Reading
May 21, 2021

Pages