Data Security

The North Carolina Attorney General’s Office issued a letter to Google on October 11th demanding that the company answer questions about the recent breach affecting its Google+ network. The NC AG’s inquiry signals that companies...

Read More →

The classic refrigerator clean-out rule, “When in doubt, throw it out” could be a tagline for Colorado’s recent amendment to its data security and breach notification laws, HB 18-1128. As a policy, if you don’t...

Read More →

A Canadian law that goes into effect on November 1st will require companies to maintain a record of all breaches, regardless of whether they are reportable. We’ve previously written about the Canadian law that will...

Read More →

The SEC and Voya Financial Services recently reached a $1 million settlement, stemming from a 2016 security incident in which individuals impersonating Voya’s independent contractors were able to gain access to the PII (including full...

Read More →

Note: SB 1121 was signed into law on September 23, 2018. On August 31, 2018, the California legislature unanimously passed a bill, SB 1121, amending the California Consumer Privacy Act (“CCPA”). While the bill does...

Read More →

Note: SB 327 was signed into law on September 28, 2018. The California State Senate has passed a bill (SB 327) that would make California the first state to regulate the security of the Internet...

Read More →

On August 14, 2018, the NIST Small Business Cybersecurity Act was enacted. In some ways, the Act appears to be a continuation of policies to enhance private sector cybersecurity through the use of voluntary resources,...

Read More →

Ohio has become the first state to enact legislation providing liability protection for businesses that implement a written cybersecurity program that “reasonably conforms” to certain cybersecurity frameworks or laws to protect personal information. This approach...

Read More →

Since at least fall of 2017, the Department of Education (“ED”) has expected institutions of higher education to report data breaches directly to the department on the same day a breach is discovered – or...

Read More →

Nearly three years after adding a mandatory data breach notification provision to its federal privacy law, Canada has taken steps that will effectuate the dormant requirement. The Governor General in Council, on the recommendation of...

Read More →