Data Security

Overview of 2018 2018 was a watershed year for state privacy and security laws, with several states passing legislation in these areas. The most significant development was the enactment of the California Consumer Privacy Act...

Read More →

Massachusetts has updated its breach notification law to require credit monitoring services and more prescriptive breach notices to regulators, as well as to strengthen rules for consumer reporting agencies. Governor Charlie Baker signed the legislation...

Read More →

The Vermont Data Broker Regulation (“VDBR”) (9 V.S.A. §§ 2430, 2433, 2446–2447) went into effect on January 1, 2019. Therefore, data brokers must register with the Vermont Attorney General by January 31st and comply with...

Read More →

An Illinois federal judge granted summary judgment to Google in a case alleging that its use of facial recognition software in Google Photos violated Illinois’ Biometric Information Privacy Act (“BIPA”), citing Plaintiffs’ failure to establish...

Read More →

The South Carolina Insurance Data Security Act (the “Act”) took effect on January 1, 2019.  The bill, which largely resembles the New York Department of Financial Services cybersecurity regulations, is based on the National Association...

Read More →

2018 was a big year for information security and data privacy. The European General Data Protection Regulation (“GDPR”) became effective and helped bring greater awareness to the handling of personal data while several U.S. states...

Read More →

The North Carolina Attorney General’s Office issued a letter to Google on October 11th demanding that the company answer questions about the recent breach affecting its Google+ network. The NC AG’s inquiry signals that companies...

Read More →

The classic refrigerator clean-out rule, “When in doubt, throw it out” could be a tagline for Colorado’s recent amendment to its data security and breach notification laws, HB 18-1128. As a policy, if you don’t...

Read More →

A Canadian law that goes into effect on November 1st will require companies to maintain a record of all breaches, regardless of whether they are reportable. We’ve previously written about the Canadian law that will...

Read More →

The SEC and Voya Financial Services recently reached a $1 million settlement, stemming from a 2016 security incident in which individuals impersonating Voya’s independent contractors were able to gain access to the PII (including full...

Read More →