Data Security

On October 10, 2019, the California Attorney General issued its notice of proposed rulemaking containing its proposed CCPA Regulations. In many instances, the draft Regulations go beyond simply clarifying existing CCPA provisions and instead set forth new...

Read More →

Key Takeaways: Subject data rights for employee data and business-to-business data were narrowed (for a year). The definition of personal information was clarified; the toll-free number requirement has an exception. The definition of sale remains...

Read More →

Following a breach affecting 145 million consumers, the Federal Trade Commission has announced a settlement with Equifax for up to $700 million, the largest ever for a data breach. In the same action, Equifax also settled with...

Read More →

New York has updated its breach notification and data security law, expanding the definition of a data breach and imposing detailed reasonable security requirements, among other changes. The amendment also adds a number of new...

Read More →

Following a yearlong investigation triggered in part by the Cambridge Analytica incident, the Federal Trade Commission (FTC) has announced a much anticipated settlement with Facebook, Inc. The Commission determined that the company violated its existing 2012 FTC Order...

Read More →

The California Consumer Privacy Act (“CCPA”) goes into effect on January 1, 2020, but the contours of the law are still being ironed out. Following a marathon debate at a California Senate Judiciary Committee Hearing,...

Read More →

Tricky Topics in CCPA Compliance

June 10, 2019 | 0 Comments

At the time of the writing of this article, the final language of the California Consumer Privacy Act (“CCPA”) is yet to be determined. Nevertheless, given the effective date of the statute, as well as...

Read More →

The Department of Health and Human Services (“HHS”) may have signaled its interest in pursuing more enforcement actions against business associates. On May 24, 2019, the HHS Office for Civil Rights (“OCR”), released a fact sheet on the...

Read More →

In the year since the General Data Protection Regulation (“GDPR”) went into effect on May 25, 2018, companies worldwide have been adapting to the new privacy rules—and EU regulators have also been busy adjusting to the new...

Read More →

Arkansas has updated its breach notification law to expand the definition of “personal information” and to require notifying the Arkansas Attorney General when a breach involves more than 1,000 individuals’ personal information. On April 15, 2019, Governor...

Read More →