Privacy & Data Security

February 28, 2021

The Commonwealth of Virginia is on the verge of becoming the second state with a comprehensive consumer data protection law. The Consumer Data Protection Act (“CDPA”), which awaits signature by Governor Northam (who is expected to sign the bill into law), would go into effect on January 1, 2023. Like California’s CCPA (and CPRA, also set to take effect January 1, 2023), the CDPA establishes a comprehensive framework for the collection and use of personal…

Assured SPC Blog

Webinar: Cybersecurity (Without Boiling the Ocean)

By Barry Weber

February 26, 2021

Announcing a Secure The Village Webinar on Cybersecurity (without boiling the ocean) Date and Time: March 11, 2021 (10-11am PT) Description: Organizations struggle with many cybersecurity issues demanding attention, time and money. These issues include managing information security risk, the ever-changing landscape of threats and the cost of safeguards. An effective solution is to approach cybersecurity as a step-by-step journey rather than a destination. Barry Weber, vCISO and Privacy Practice Leader for Assured SPC, will present…

Cleary Cybersecurity and Privacy Watch

Ready to Pounce: Regulators Are Intensifying GDPR Enforcement

By Natalie Farmer & Louie Ka Chun

February 26, 2021

After what appears to be a period of relative leniency in 2018/19, enforcement actions for violations of the EU General Data Protection Regulation (“GDPR”) have since intensified. In 2020, according to publically available information, supervisory authorities across the EU and the UK Information Commissioner’s Office (“ICO”) have issued over EUR 170 million worth of fines combined[1], with six of the top ten individual fines imposed being issued in 2020[2]. While supervisory…

Inside Privacy

European Commission Publishes Report on EU Member States’ Rules in Relation to Health Data

By Kristof Van Quathem

February 26, 2021

In February 2021, the European Commission (“Commission”) released a report on European Union (“EU”) Member States’ laws governing the processing of health data. The report discusses three general types of health data uses: primary use for health care services; secondary use for public health purposes; and secondary use for scientific research purposes. For each of these general purposes, the report assesses real-world use cases. For example, for health care services, the report considers e-health applications,…

Inside Privacy

2021 State Privacy Legislation Roundup: California, Virginia, New York, and Washington

By Shane Rogers, Libbie Canter, Lindsey Tonsager, Jayne Ponder, Alexandra Scott & Inside Privacy

February 26, 2021

https-www-insideprivacy-com-wp-content-uploads-sites-6-2021-02-2021-state-privacy-legislation-roundup-california-virginia-new-york-washington-table-scaled-jpg

Several states have proposed new privacy bills since their sessions began. Some of the proposed bills carry over or re-introduce bills drafted in previous legislative sessions, while others are introducing first–in-time omnibus privacy bills. In the high-level chart below, we compare five of the key state privacy frameworks: the CPRA, VCDPA (which we blogged about here), the NYPA, the general privacy provisions of the Washington Privacy Act, and the newly introduced Washington People’s Privacy Act (HB 1433). …

Password Protected

DOJ Indictment Highlights Attack Methods Used by State-Sponsored Cybercriminals

By Kevin M. Lally, Rodger A. Heaton, Erin L. Wilson & Clare E. Reardon

February 26, 2021

The U.S. Department of Justice announced an indictment in the U.S. Attorney’s Office for the Central District of California against a North Korea-sponsored international cybercriminal organization that infiltrated public and private computer networks, fundamentally compromised these systems, and sought to obtain over a billion dollars from this illicit access. Read the full article on our Subject to Inquiry blog for details about this enforcement action, which spotlights the cybercriminals’ methods to steal intellectual property and…

Data Privacy Dish

The Million Dollar Question: Is the use of Adtech considered the sale of personal information?

By David A. Zetoony

February 26, 2021

The California Attorney General was asked to clarify whether the use of “website cookies shared with third parties” constituted the sale of personal information. The Attorney General declined to answer, stating only that whether a particular situation constitutes the sale of information “raises specific legal questions that would require a fact-specific determination, including whether or not there was monetary or other valuable considerations involved, the consumer directed the business to intentionally disclose the personal information,…

Privacy Quick Tips

California Legislature Returns Its Focus to Automated Decision Systems

By Dominique Shelton Leipzig, Arsen Kourinian & Zachary Watterson

February 26, 2021

As the California legislature reconvened in Sacramento in January with hopes for a more regular legislative session in 2021, it again returned its focus to address the potential for bias and discrimination from the use of automated decision systems (ADS) by businesses. Assemblymember Ed Chau, chair of the Assembly Privacy and Consumer Protection Committee, is spearheading a bill—AB 13, or the Automated Decision Systems Accountability Act of 2021. AB 13 would require any…

Legal Health Information Exchange

Checklist for Info Blocking Compliance

By Helen Oscislawski

February 25, 2021

Your vendor is not “taking care of it.” Compliance with the Information Blocking rule is about more than just the technology. Assemble a “task team” to tackle operational decisions that need to be made to comply with Information Blocking. Use a checklist to begin “ticking off” boxes to ensure that your organization is moving towards compliance with Info Blocking by April 5th! Subscribe to HERE to Legal HIE’s compliance library to gain access to sample policies,…

Taft Privacy & Data Security Insights

And Then There Were Two: The Commonwealth of Virginia Joins California in Enacting Comprehensive Privacy Rights Law

By Zachary Heck & Jordan Jennings

February 25, 2021

On February 3, 2021, the Virginia Senate passed the Virginia Consumer Data Protection Act (“VCDPA” or the “Act”). Upon approval from Governor Ralph Northam, Virginia will be the second state in the nation to adopt a comprehensive data privacy law. This proposed legislation places Virginia alongside California at the forefront of domestic data privacy regulations. In 2020, California changed the landscape of data privacy laws in the United States with the California Consumer Privacy …

Privacy & Data Security

STATES ARE STEPPING UP TO THE PRIVACY PLATE. WHO’S NEXT? VIRGINIA.

Webinar: Cybersecurity (Without Boiling the Ocean)

Ready to Pounce: Regulators Are Intensifying GDPR Enforcement

European Commission Publishes Report on EU Member States’ Rules in Relation to Health Data

2021 State Privacy Legislation Roundup: California, Virginia, New York, and Washington

DOJ Indictment Highlights Attack Methods Used by State-Sponsored Cybercriminals

The Million Dollar Question: Is the use of Adtech considered the sale of personal information?

California Legislature Returns Its Focus to Automated Decision Systems

Checklist for Info Blocking Compliance

And Then There Were Two: The Commonwealth of Virginia Joins California in Enacting Comprehensive Privacy Rights Law

Privacy & Data Security Blogs

Stay Connected

Company

Products

Support

New to the Network