Podcast: Everything You Need to Know About NFTs in 10 Minutes or Less

Rob Musiala, a Counsel in the Digital Assets and Data Management group and the co-leader of our Blockchain Technologies and Digital Currencies team, breaks down everything you need to know about NFTs, all in 10 minutes or less.

Questions & Comments: rmusiala@bakerlaw.com


The Brave New World of Cybersecurity Compliance—Key Takeaways from Recent Government Action on Cybersecurity

After a series of high-profile supply chain and ransomware attacks, the federal government is ramping up its effort to improve the nation’s cybersecurity. In the past several months, multiple federal departments and agencies announced new policy initiatives and regulatory directives to drive their cybersecurity agenda forward, and state regulators are following the trend. It is unmistakably clear that companies in regulated sectors are entering a new era of cybersecurity regulatory compliance. And although much of this early action targets specific sectors (e.g., government contractors, pipeline operators, and public companies), these requirements will indirectly touch companies in other sectors and are a preview of broader regulation to come. Here, we discuss recent notable actions on cybersecurity by federal and state government agencies.

Welcome to the Digital Transformation and Data Economy Newsletter – July 2021 Issue

Across the economy, businesses are using digital technology to pivot into innovative service lines, accelerate growth and transform their businesses altogether. These businesses’ digital strategies and data assets play important roles in their success.

Since the California Consumer Privacy Act (CCPA) went into effect in January 2020, a growing number of comprehensive state privacy laws have been proposed in the United States, many of them aimed at providing consumers with privacy rights related to online advertising.


The New China Data Security Law and the Impact on Multinational Companies

On June 10, 2021, the National People’s Congress of the People’s Republic of China (PRC) approved the passage of the Data Security Law (DSL), which will take effect on Sept. 1, 2021.


Unlike the PRC’s Cybersecurity Law of 2016 (CSL) and the Personal Information Protection Law – undergoing public comment for its second draft, released on April 29, 2021 – both of which permitted organizations doing business in the PRC to implement their own measures to protect personal data and data traversing organizations’ networks, the new DSL will mandate certain measures for the security of any record of information in electronic or other form (including physical copies) that has national or other security implications from a regulatory perspective.

Nevada Gov. Sisolak Signs Senate Bill (SB) 260 Expanding the State’s Internet Privacy Law

On June 2, 2021, Nevada Gov. Stephen F. Sisolak signed SB 260 approving amendments to the Nevada Privacy of Information Collected on the Internet from Consumers Act. Some key changes to the amended law include expanding the definition of “sale,” extending the current obligations of operators to “data brokers,” limiting the cure period and adding new exemptions. The amended law will go into effect on Oct. 1, 2021.

Definition of ‘Sale’

The amended law broadens the definition of “sale” by eliminating the previous requirement that the receiving person of the sale also licenses or sells the covered information after receiving it. Under the broadened definition, a “sale” is “the exchange of covered information for monetary consideration by an operator or data broker to another person.”

This means that what was previously out of scope – for example, the sale of covered information to a person who will use it to directly target consumers, for research purposes and/or for analytics purposes – will now be covered by the amended law. Consequently, a consumer’s right to opt out will apply to these previously out-of-scope transfers of covered information.

COVID-19 Consumer Protection Act Shows Alternative Path to Monetary Remedies

A recent Federal Trade Commission (FTC) action demonstrates how the FTC has pivoted toward enforcement actions based on specific acts of Congress and rules in light of the Supreme Court’s ruling in AMG Capital. Congress passed the COVID-19 Consumer Protection Act in December 2020, which made deceptive acts or practices involving the treatment, cure, prevention, mitigation, or diagnosis of COVID-19 unlawful. Since the pandemic began, the FTC has sent hundreds of warning letters to companies allegedly making deceptive or scientifically unsupported claims regarding their products’ ability to treat or prevent COVID-19.

Despite the hundreds of warning letters, the FTC did not file its first complaint under the COVID-19 Consumer Protection Act until April 15, 2021. In United States v. Nepute et al., the FTC and Department of Justice alleged that Quickwork and its chiropractor CEO, Eric Nepute, deceptively advertised that its vitamin D and zinc products are scientifically proven to treat or prevent COVID-19. Notably, the FTC had previously sent Nepute a warning letter in May 2020 regarding the same practices. After receiving the warning letter, however, the advertiser continued to make claims such as “COVID-19 Patients who get enough Vitamin D are 52% less likely to die.”

Ransomware, COVID-19 and Regulations: Healthcare Entities Confront a Triple Threat

Given what the healthcare industry faced in 2020, the seventh edition of our Data Security Incident Response (DSIR) Report, “Disruption and Transformation,” is aptly titled. As if fighting the COVID-19 pandemic weren’t enough for the industry to tackle, it also faced a surge of ransomware attacks, evolving legal/regulatory considerations, and novel and complex issues presented by pandemic- and technology-driven changes.

The growing wave of ransomware incidents that we saw toward the end of 2019 continued in 2020. Now, however, healthcare organizations are faced with an extra diabolical twist – in addition to the operational disruption, threat actors are now routinely stealing data and threatening to publish it online as an extra inducement for a ransom payment. With this new tactic, which took off in 2020 and is now the norm for nearly all ransomware matters we handle, came much higher ransom demands, longer downtime, and a significant increase in the number of patients requiring notification per HIPAA regulations.

Data Breach Enforcement Is a Global Risk

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report highlights some regulatory enforcement trends we saw from the European Union (EU) data protection authorities (DPAs) during the past year. EU DPA enforcement actions increased significantly in 2020, as DPAs followed up on personal data breach notices and individual complaints and also launched investigations into other issues of interest. In particular, companies should be aware that a personal data breach notification in the EU may expose a company’s entire General Data Protection Regulation (GDPR) compliance program to a DPA examination, which can uncover areas of noncompliance that result in even larger fines. For example, fines related to the lack of an appropriate legal basis – particularly consent when it is required – for a company’s use of EU personal data have been among the largest fines issued by EU DPAs.

The 2021 Data Security Incident Response Report identifies other DPA personal data breach enforcement trends, such as enforcement of the GDPR’s 72-hour breach notification deadline and DPAs taking a more active role in reviewing the content of individual data breach notifications and providing unofficial orders in the form of suggested actions. We also discuss some of the mitigating factors DPAs have cited for lowering GDPR enforcement fines, including, in some instances, economic hardship caused by the COVID-19 pandemic.

Pairing Real-World™ Problems with Realistic Solutions – a Push for Practical Information Governance

For those attorneys and information governance practitioners unfamiliar with recent pedagogic advancements, “real-world problem solving” moves teaching approaches away from the classical model that assumes individuals will operate logically and in self-interested ways to a more realistic view. The more realistic view then acknowledges the powers of wishful thinking, uneven knowledge across populations, and the politics and dynamics inherent in groups (including, for our purposes, companies and other organizations). This is a challenge for individuals trying to sell outdated textbooks online; this is an improvement for people interested in actually making a difference.

Real-world problem solving is slowly but surely being accepted as the reality of information governance practice as well. This is also an improvement when there are no simple or apparent solutions. Note too that there is no time to lose; while the information people and organizations are collectively governing does not necessarily double year-over-year, it likely will between 2020 and 2024. The situation is intensely and quantitatively complex and involves many moving parts, but the solutions are not complex. That is, commonsense solutions can be the best approach for defensible practices – and can resonate best within the group dynamics that are the reality for most organizations struggling with governance projects.

Texas Passes Bill Allowing Public Listing of Data Breaches, Effective Sept. 1, 2021

On May 31, 2021, the Texas Legislature approved House Bill 3746, which amends the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a data breach involving Texas residents.

The bill includes the existing requirement that any business or entity notify the attorney general of a data breach within 60 days of its occurrence if the breach involves at least 250 Texas residents. The notice must include the nature and circumstances of the breach, the number of residents involved, the number of residents who were sent a notice letter, the measures taken regarding the breach and whether law enforcement is engaged in investigating the breach. Based on our discussions with the Texas attorney general’s office, the office encourages reporting entities to utilize the online reporting portal.

Notably, the bill allows the attorney general to post on its website a public listing of the data breach notifications received, excluding any sensitive personal information, which will be updated monthly. After one year, the attorney general will remove the posted notification if the entity has not reported any additional breaches during that period.

Once the bill is signed by Texas Gov. Greg Abbott, it will take effect beginning Sept. 1, 2021.