Almost everyone working in cybersecurity compliance is aware that each U.S. state has its own set of breach notification requirements. What is less known is that many of these states…
Earlier this year, we wrote about the SEC’s cybersecurity priorities. Since then, the SEC announced a settlement with First American Title Insurance and Services (“First American”) for violating Rule 13a-15(a)…
On July 19, 2021, California Attorney General Rob Bonta announced his first-year enforcement update on the California Consumer Privacy Act (“CCPA”), and unveiled a tool to help the Attorney General’s…
Companies face increasing risk to their operations resulting from a cyber breach of a critical vendor. We have recently written about creating a sensible cybersecurity and AI risk framework for…
Colorado has just adopted a brand-new data privacy law and Nevada has just significantly amended its law. These changes add rights for consumers, and compliance obligations for businesses, that take…
This is Part 1 of a two-part article on the recent U.S. Supreme Court TransUnion decision. In Part 2, we will discuss the implications of the decision for efforts to…
Since the implementation of the California Consumer Privacy Act (“CCPA”) 18 months ago, more than 75 lawsuits have been filed seeking damages using the Act’s private cause of action. The CCPA…
On Monday, June 14, 2021, the Board of the California Privacy Protection Agency (“Agency”) hosted its first inaugural public meeting. As discussed in a prior posting, the California Privacy Rights…
On April 14, 2021, the New York State Department of Financial Services (the “DFS”) announced that its cyber enforcement action against National Securities Corporation (“National Securities”) has been resolved by…