Tag Archives: data privacy

North Carolina is the First State to Prohibit Public Entities from Paying Ransoms: What Does This Mean for North Carolina Public Schools and Universities?

On April 5th, North Carolina became the first state to prohibit state agencies and local governments from paying ransoms after becoming victims of a ransomware attack. Indeed, in addition to prohibiting said entities from paying ransoms, North Carolina’s new law actually goes so far as to prohibit a public entity from even communicating with threat … Continue Reading

2022 DSIR Deeper Dive: Increased Regulatory Scrutiny of Cybersecurity Incidents

Our 2022 Data Security Incident Response Report discussed the increased regulatory scrutiny of cybersecurity incidents and defenses following a year of high-profile and damaging cyberattacks, including the Russia-based SolarWinds espionage campaign and the Colonial Pipeline ransomware attack. This article summarizes several U.S. government actions aiming to improve the nation’s cybersecurity and the government’s ability to … Continue Reading

It’s Elementary: Measures that Educational Institutions Should Take to Prepare for Ransomware Attacks: Part 3

PART 1 PART 2 PART 3 In the event of a ransomware attack, there are a host of legal frameworks that could potentially be implicated.  Whether those laws apply often depends on the nature of the data that the threat actor accessed and/or acquired.  In this installment, we address the laws that could be implicated … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Four

Part I: What Are Third-Party Cookies and Why They Are Important Part II: Privacy Laws and Third-Party Cookies Part III: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – Browsers and Mobile Part IV: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – First-Party Data … Continue Reading

Part 2 of BakerHostetler’s Countdown to CPRA – Top 5 FAQs to Evaluate Compliance Strategy for Employees

In Part 1 of BakerHostetler’s Countdown to CPRA blog series, we provided initial guidance to businesses on key California Privacy Rights Act (CPRA) compliance readiness considerations. On January 1, 2023, California could become the first U.S. state to enact a comprehensive data privacy law covering employment-related data (“B2E”), whereas the California Consumer Privacy Act (CCPA) … Continue Reading

A Road Map for CPRA Compliance

For companies preparing to comply with the California Privacy Rights Act (CPRA), operative on Jan. 1, 2023, this Road Map summarizes the provisions of the California Consumer Privacy Act (CCPA), which the CPRA amends, and the new requirements under the CPRA. It also includes a checklist of practical compliance actions. Read the Road Map.… Continue Reading

CPRA Rulemaking Explained and CPRA Amendments Push Forward, Including Employee and Business-to-Business Exemptions

On Feb. 18, Chairperson Jennifer Urban of the California Privacy Protection Agency (CPPA) addressed the California state bar and clarified the announcements that were made during the CPPA board meeting on Feb. 17. Read on for an explanation of the California Privacy Rights Act (CPRA) rulemaking process and brief summaries of the privacy bills in … Continue Reading

CPRA Regulations Postponed

On Feb. 17, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to address several topics, including the rulemaking under the California Privacy Rights Act (CPRA). Although the CPRA includes a July 1 deadline for the Agency to promulgate final regulations, it is clear the CPPA will not meet … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Three

Part I: What Are Third-Party Cookies and Why They Are Important Part II: Privacy Laws and Third-Party Cookies Part III: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – Browsers and Mobile — PART III — The Big Tech Phase-Out Welcome to the third installment in our eight-part series preparing … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Two

Part I: What Are Third-Party Cookies and Why they are Important — PART II — Privacy Laws And Third-Party Cookies Welcome to our second installment in our eight-part series preparing you for the post-cookie world. In our first post, we provided a deep dive into cookies for a baseline understanding of the technology and why … Continue Reading

US Facial Recognition Firm Ordered to Stop Processing UK and Australian Data and Pay Fine Over Privacy Law Violations

ICO and OAIC Find ‘Serious Breaches’ of Privacy Law On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part One

Editor’s Note: This blog post was originally published in September 2021, courtesy of the Association of National Advertisers. It is repurposed with permission. — PART I — Overview of the Five-Part Series In a time of constant change in digital advertising, there is one consistent question that persists in advertisers’ minds: What do we do after third-party … Continue Reading

California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority

Justin T. Yedor and Jeewon Serrato On October 5, 2021, Jennifer Urban, who serves as Chair of the Board the California Privacy Protection Agency (the CPPA) spoke with members of the California Lawyer’s Association about the Board’s work to get the new Agency off the ground, the challenges it faces in doing so and the … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part II – Development Agreements

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered in this blog, including trends in global breach notification, healthcare industry risks and ransomware. The report is … Continue Reading

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process on September 22, 2021 with an Invitation for Preliminary Comments on Proposed Rulemaking (the “Invitation for Comment”).  In the … Continue Reading

Ohio Proposes Comprehensive Privacy Legislation

Ohio recently became the latest state to consider enacting comprehensive privacy legislation. On July 13, 2021, the Ohio Personal Privacy Act (House Bill 376) was introduced into the Ohio House of Representatives with the backing of Ohio Governor Mike DeWine and Lt. Governor Jon Husted. If passed, OPPA would establish consumer data rights for natural … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part I – M&A

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is … Continue Reading

Virginia Likely to Become Second State with Comprehensive Privacy Legislation

With a special session scheduled to begin Feb. 10, Virginia is poised to become the second state to pass comprehensive consumer privacy legislation. The Consumer Data Protection Act (CDPA) passed the Virginia Senate on Friday, Feb. 5, and has been referred back to the Virginia House to be reconciled. Seeing that the House previously passed … Continue Reading

What Can We Learn From the Healthcare Data Breach ‘Wall of Shame’?

In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to report breaches to the Department of Health & Human Services’ (HHS) Office for Civil Rights. But the pain doesn’t end there. … Continue Reading

Navigating the State Data Breach Laws? An Enhanced Resource is Available

In large security incidents, the differences among state breach notification laws usually do not come into play. In smaller matters, where individuals in only a few states are potentially affected, the differences sometimes result in having an obligation to notify individuals in some states but not others. And states have been active in amending their … Continue Reading

The Weekly Privacy Rewind

Class Actions Google Seeks Dismissal of BIPA Class Action • Google has sought dismissal of a putative class action lawsuit alleging violations of Illinois’ Biometric Information Privacy Act (BIPA). • According to the original complaint, Google allegedly violated BIPA by scanning photos of nonusers uploaded to Google Photos and then “extracting geometric data” of the … Continue Reading

Looking Back: The Federal Trade Commission Issues Annual Data Privacy Report for 2017

On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as well as guides data protection strategies for 2018. The report provides a detailed … Continue Reading

SAMHSA Updates Privacy Regulations to Reflect Advancements in Healthcare

On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb. 2, 2018. As background, the Confidentiality of Substance Use Discover Patient Records Part 2 protects patient records maintained in connection with any … Continue Reading
LexBlog