Recent Posts

The classic refrigerator clean-out rule, “When in doubt, throw it out” could be a tagline for Colorado’s recent amendment to its data security and breach notification laws, HB 18-1128. As a policy, if you don’t need personal identifying information (“PII”), it should be properly disposed of or destroyed. If you are going to keep PII,...

Read More →

The Importance of Being Honest & Accurate in Representing your Privacy Shield Status

Oct 8, 2018 by Michelle Anderson, Amanda Irwin and Mason Weisz

The Federal Trade Commission (“FTC”) announced settlements on September 27, 2018 with four companies that the FTC alleged falsely claimed to be EU-U.S. Privacy Shield certified. These settlements with IDmission, LLC, mResource LLC, SmartStart Employment Screening, Inc., and VenPath, Inc. – in conjunction with another settlement in July and three others in November 2017 –...

Read More →

A Canadian law that goes into effect on November 1st will require companies to maintain a record of all breaches, regardless of whether they are reportable. We’ve previously written about the Canadian law that will impose a country-wide data breach notification requirement, and we explain the recordkeeping requirement (sometimes referred to as a “ledger” requirement)...

Read More →

The SEC and Voya Financial Services recently reached a $1 million settlement, stemming from a 2016 security incident in which individuals impersonating Voya’s independent contractors were able to gain access to the PII (including full social security numbers, date of birth, and email address) of at least 5,600 Voya customers. The impersonators gained access by calling...

Read More →

Now Accepting Applications for Summer Legal Interns in 2019!

Oct 1, 2018 by Michelle Anderson and Zach Lerner

ZwillGen is hiring Summer Legal Interns for summer 2019 and is looking for energetic candidates to apply. ZwillGen is a leading boutique law firm specializing in the intersection of law and technology and serving the biggest names in technology. This opportunity will give law students exposure to cutting edge privacy, security, and surveillance issues and...

Read More →

Since the D.C. Circuit issued its ruling in March invalidating as arbitrary and capricious many of the FCC’s interpretations of the Telephone Consumer Protection Act (“TCPA”), courts have been tasked with clarifying the definition of autodialer under the TCPA. Industry received good news in June when the Third Circuit ruled that an autodialer must have...

Read More →

Note: SB 1121 was signed into law on September 23, 2018. On August 31, 2018, the California legislature unanimously passed a bill, SB 1121, amending the California Consumer Privacy Act (“CCPA”). While the bill does not change CCPA’s core compliance requirements, it does include some significant clarifications to the law, as well as technical corrections....

Read More →

Note: SB 327 was signed into law on September 28, 2018. The California State Senate has passed a bill (SB 327) that would make California the first state to regulate the security of the Internet of Things (“IoT”). Coming on the heels of the California Consumer Privacy Act enacted in June, SB 327 awaits Governor...

Read More →

ZwillGen is proud to announce Lisa Page joined the firm as Counsel in May. A seasoned lawyer, Lisa brings more than a decade of law enforcement experience at the Department of Justice and FBI on the types of national security and investigative issues that ZwillGen handles for its clients every day. Lisa’s significant government experience continues...

Read More →

NIST Cybersecurity Bill Enacted for Small Businesses

Sep 5, 2018 by Armin Tadayon and Allison Bender

On August 14, 2018, the NIST Small Business Cybersecurity Act was enacted. In some ways, the Act appears to be a continuation of policies to enhance private sector cybersecurity through the use of voluntary resources, such as the NIST Cybersecurity Framework developed under Executive Order 13636. However, it takes a new step forward in directing...

Read More →