Search

Search form

Biden Administration Issues Cybersecurity Executive Order Following Colonial Pipeline Cyberattack

On May 12, 2021, the Biden Administration issued an Executive Order on “Improving the Nation’s Cybersecurity” (EO). The EO was in the works prior to the Colonial Pipeline cyberattack, reportedly a ransomware incident that snarled the flow of gas on the east coast for days. Ransomware attacks are nothing new, but they are increasing in...… Continue Reading
May 17, 2021

NYC Council Passes Data Privacy Bill That Would Impose Rigorous Requirements On Owners of “Smart Access” Buildings

As we noted in our last post, there has been a flurry of data privacy and security activity in New York, with the State appearing poised to join California as a leader in this space.  Most recently, on April 29, 2021, the New York City Council passed the Tenant Data Privacy Act (“TDPA”), which would...… Continue Reading
May 12, 2021

NYC Creates BIPA-Like Requirements for Retail, Hospitality Businesses Concerning Biometric Information Collected From Customers

By Damon Silver and Melissa Pascualini Effective July 9, 2021, certain retail and hospitality businesses that collect and use “biometric identifier information” from customers will need to post conspicuous notices near all customer entrances to their facilities.  These businesses will also be barred from selling, leasing, trading, sharing or otherwise profiting from the biometric identifier...… Continue Reading
May 12, 2021

COVID-19 Vaccine Passport Programs: Privacy and Security Considerations

As access to COVID-19 vaccines becomes more prevalent, and we begin to conceptualize what a post-pandemic world might look like, many governments are assessing the idea of a COVID-19 vaccine passport framework.  In late March, the European Commission announced its plan for a COVID-19 Digital Green Certificate framework (“the framework”) to facilitate “safe free movement...… Continue Reading
May 11, 2021

Data Protection and the Role of Vendor Management

 The SolarWinds hack highlights the critical need for organizations of all sizes to include cyber supply chain risk management as part of their information security program. It is also a reminder that privacy and security risks to an organization’s data can come from various vectors, including third party vendors and services providers. By way of...… Continue Reading
May 6, 2021

CPRA Series: The CPRA and Risk Assessments

The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that businesses conduct risk assessments. While many U.S. companies currently conduct risk assessments for compliance with state “reasonable safeguards” statutes (e.g., Florida, Texas, Illinois,...… Continue Reading
May 3, 2021

DOH Employee Error Causes Breach of COVID-19 and Other Health Data Affecting Nearly 165,000 Individuals

In a recent post, we highlighted the need for a privacy and cybersecurity training program, one not solely focused on spotting phishing attempts (although that is quite important as well). A primary reason, quite simply, is that employees continue to be a leading cause of data breaches. This fact was reaffirmed for the Wyoming Department...… Continue Reading
April 28, 2021

Florida Moves Forward a Revised Consumer Privacy Bill

Will Florida be the next state to enact a comprehensive consumer privacy law? It sure is starting to look like a viable possibility.  With the California Consumer Privacy Act (“CCPA”) in full effect, and the recent enactment of Virginia’s Consumer Data Protection Act (“CDPA”), there has been a flurry of state privacy legislative proposals since...… Continue Reading
April 27, 2021

Developing a Privacy and Cybersecurity Training Program for Employees

Increased remote work due to the COVID-19 pandemic has only exacerbated privacy and cybersecurity concerns, and likely has not changed the finding in Experian’s 2015 Second Annual Data Breach Industry Forecast: Employees and negligence are the leading cause of security incidents but remain the least reported issue. A more recent state of the industry report...… Continue Reading
April 20, 2021

Third Circuit Affirms Dismissal of Employee Who Advocated Violence in a Social Media Post

In a recent employee termination case, the Third Circuit Court of Appeals recently upheld the dismissal of race discrimination claims by a bank employee who was terminated due to a social media post. Plaintiff, a Caucasian woman, was employed as a project manager in her employer’s wealth management department.  In June 2018, a public news...… Continue Reading
April 15, 2021

Pages