Data Security

Note: SB 1121 was signed into law on September 23, 2018. On August 31, 2018, the California legislature unanimously passed a bill, SB 1121, amending the California Consumer Privacy Act (“CCPA”). While the bill does...

Read More →

Note: SB 327 was signed into law on September 28, 2018. The California State Senate has passed a bill (SB 327) that would make California the first state to regulate the security of the Internet...

Read More →

On August 14, 2018, the NIST Small Business Cybersecurity Act was enacted. In some ways, the Act appears to be a continuation of policies to enhance private sector cybersecurity through the use of voluntary resources,...

Read More →

Ohio has become the first state to enact legislation providing liability protection for businesses that implement a written cybersecurity program that “reasonably conforms” to certain cybersecurity frameworks or laws to protect personal information. This approach...

Read More →

Since at least fall of 2017, the Department of Education (“ED”) has expected institutions of higher education to report data breaches directly to the department on the same day a breach is discovered – or...

Read More →

Nearly three years after adding a mandatory data breach notification provision to its federal privacy law, Canada has taken steps that will effectuate the dormant requirement. The Governor General in Council, on the recommendation of...

Read More →

Alabama became the 50th and final state to enact data breach notification legislation when Governor Kay Ivey signed into law the Alabama Data Breach Notification Act of 2018. Alabama’s law comes on the heels of...

Read More →

The CLOUD Act has been enacted, effectively mooting the closely watched United States v. Microsoft case and marking a watershed moment in federal and international surveillance law. The Act codifies mechanisms for both US and...

Read More →

Selecting appropriate contract clauses is a key strategy for managing security risks with vendors. Security provisions in vendor contracts should be tailored to the risks posed by the specific engagement, the supply chain for the...

Read More →

In affirming the dismissal of the Wiretap case against Apple for its handling of iMessages from former users, the 9th Circuit yesterday affirmed the distinction it first set out in 2002 in Konop v. Hawaiian...

Read More →