Tag Archives: data privacy

North Carolina is the First State to Prohibit Public Entities from Paying Ransoms: What Does This Mean for North Carolina Public Schools and Universities?

Photo of Elise ElamPhoto of Benjamin WangerBy Elise Elam and Benjamin Wanger on Posted in Data Counsel
On April 5th, North Carolina became the first state to prohibit state agencies and local governments from paying ransoms after becoming victims of a ransomware attack. Indeed, in addition to prohibiting said entities from paying ransoms, North Carolina’s new law actually goes so far as to prohibit a public entity from even communicating with threat … Continue Reading

2022 DSIR Deeper Dive: Increased Regulatory Scrutiny of Cybersecurity Incidents

Photo of Teresa Goody GuillénPhoto of Andreas KaltsounisBy Teresa Goody Guillén and Andreas Kaltsounis on Posted in Data Security Incident Response
Our 2022 Data Security Incident Response Report discussed the increased regulatory scrutiny of cybersecurity incidents and defenses following a year of high-profile and damaging cyberattacks, including the Russia-based SolarWinds espionage campaign and the Colonial Pipeline ransomware attack. This article summarizes several U.S. government actions aiming to improve the nation’s cybersecurity and the government’s ability to … Continue Reading

It’s Elementary: Measures that Educational Institutions Should Take to Prepare for Ransomware Attacks: Part 3

Photo of Benjamin WangerPhoto of Allison ClarkBy Benjamin Wanger and Allison Clark on Posted in Ransomware
PART 1 PART 2 PART 3 In the event of a ransomware attack, there are a host of legal frameworks that could potentially be implicated.  Whether those laws apply often depends on the nature of the data that the threat actor accessed and/or acquired.  In this installment, we address the laws that could be implicated … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Four

Photo of Fernando A. Bohorquez, Jr.Photo of Gerald J. FergusonPhoto of Yadilsa DiazPhoto of Priyanka SurapaneniBy Fernando A. Bohorquez, Jr., Gerald J. Ferguson, Yadilsa Diaz and Priyanka Surapaneni on Posted in Cookies
Part I: What Are Third-Party Cookies and Why They Are Important Part II: Privacy Laws and Third-Party Cookies Part III: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – Browsers and Mobile Part IV: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – First-Party Data … Continue Reading

Part 2 of BakerHostetler’s Countdown to CPRA – Top 5 FAQs to Evaluate Compliance Strategy for Employees

Photo of Jennifer MitchellPhoto of Foram DmytrykBy Jennifer Mitchell and Foram Dmytryk on Posted in CPRA
In Part 1 of BakerHostetler’s Countdown to CPRA blog series, we provided initial guidance to businesses on key California Privacy Rights Act (CPRA) compliance readiness considerations. On January 1, 2023, California could become the first U.S. state to enact a comprehensive data privacy law covering employment-related data (“B2E”), whereas the California Consumer Privacy Act (CCPA) … Continue Reading

A Road Map for CPRA Compliance

Photo of Jennifer MitchellPhoto of Jeewon SerratoPhoto of Shruti Bhutani AroraPhoto of Marshall J. MatteraBy Jennifer Mitchell, Jeewon Serrato, Shruti Bhutani Arora and Marshall J. Mattera on Posted in CPRA
For companies preparing to comply with the California Privacy Rights Act (CPRA), operative on Jan. 1, 2023, this Road Map summarizes the provisions of the California Consumer Privacy Act (CCPA), which the CPRA amends, and the new requirements under the CPRA. It also includes a checklist of practical compliance actions. Read the Road Map.… Continue Reading

CPRA Rulemaking Explained and CPRA Amendments Push Forward, Including Employee and Business-to-Business Exemptions

Photo of Jeewon SerratoPhoto of Marshall J. MatteraBy Jeewon Serrato and Marshall J. Mattera on Posted in CPRA
On Feb. 18, Chairperson Jennifer Urban of the California Privacy Protection Agency (CPPA) addressed the California state bar and clarified the announcements that were made during the CPPA board meeting on Feb. 17. Read on for an explanation of the California Privacy Rights Act (CPRA) rulemaking process and brief summaries of the privacy bills in … Continue Reading

CPRA Regulations Postponed

Photo of Jeewon SerratoPhoto of Justin T. YedorPhoto of Marshall J. MatteraBy Jeewon Serrato, Justin T. Yedor and Marshall J. Mattera on Posted in CPRA
On Feb. 17, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to address several topics, including the rulemaking under the California Privacy Rights Act (CPRA). Although the CPRA includes a July 1 deadline for the Agency to promulgate final regulations, it is clear the CPPA will not meet … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Three

Photo of Fernando A. Bohorquez, Jr.Photo of Gerald J. FergusonPhoto of Yadilsa DiazPhoto of Priyanka SurapaneniBy Fernando A. Bohorquez, Jr., Gerald J. Ferguson, Yadilsa Diaz and Priyanka Surapaneni on Posted in Cookies
Part I: What Are Third-Party Cookies and Why They Are Important Part II: Privacy Laws and Third-Party Cookies Part III: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – Browsers and Mobile — PART III — The Big Tech Phase-Out Welcome to the third installment in our eight-part series preparing … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Two

Photo of Gerald J. FergusonPhoto of Fernando A. Bohorquez, Jr.Photo of Yadilsa DiazBy Gerald J. Ferguson, Fernando A. Bohorquez, Jr. and Yadilsa Diaz on Posted in Cookies, Data Privacy, GDPR, Privacy
Part I: What Are Third-Party Cookies and Why they are Important — PART II — Privacy Laws And Third-Party Cookies Welcome to our second installment in our eight-part series preparing you for the post-cookie world. In our first post, we provided a deep dive into cookies for a baseline understanding of the technology and why … Continue Reading

US Facial Recognition Firm Ordered to Stop Processing UK and Australian Data and Pay Fine Over Privacy Law Violations

Photo of Jeewon SerratoPhoto of Shea M. LeitchBy Jeewon Serrato and Shea M. Leitch on Posted in AI, Biometrics, Data Privacy, GDPR, Privacy, Privacy Litigation
ICO and OAIC Find ‘Serious Breaches’ of Privacy Law On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part One

Photo of Gerald J. FergusonPhoto of Fernando A. Bohorquez, Jr.Photo of Yadilsa DiazBy Gerald J. Ferguson, Fernando A. Bohorquez, Jr. and Yadilsa Diaz on Posted in Data Privacy, Emerging Technology
Editor’s Note: This blog post was originally published in September 2021, courtesy of the Association of National Advertisers. It is repurposed with permission. — PART I — Overview of the Five-Part Series In a time of constant change in digital advertising, there is one consistent question that persists in advertisers’ minds: What do we do after third-party … Continue Reading

California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority

Photo of Justin T. YedorPhoto of Jeewon SerratoBy Justin T. Yedor and Jeewon Serrato on Posted in CCPA, Consumer Data, CPRA, Data Privacy, Data Protection, Uncategorized
Justin T. Yedor and Jeewon Serrato On October 5, 2021, Jennifer Urban, who serves as Chair of the Board the California Privacy Protection Agency (the CPPA) spoke with members of the California Lawyer’s Association about the Board’s work to get the new Agency off the ground, the challenges it faces in doing so and the … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part II – Development Agreements

Photo of Craig CarpenterBy Craig Carpenter on Posted in Cybersecurity, Data Breach Notification Laws, Data Breaches, Information Security, Uncategorized
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered in this blog, including trends in global breach notification, healthcare industry risks and ransomware. The report is … Continue Reading

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

Photo of Justin T. YedorPhoto of Stanton BurkePhoto of Jeewon SerratoBy Justin T. Yedor, Stanton Burke and Jeewon Serrato on Posted in CCPA, CPRA, Information Security, Online Privacy, Uncategorized
By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process on September 22, 2021 with an Invitation for Preliminary Comments on Proposed Rulemaking (the “Invitation for Comment”).  In the … Continue Reading

Ohio Proposes Comprehensive Privacy Legislation

Photo of Damon C. BarhorstPhoto of William BerglundBy Damon C. Barhorst and William Berglund on Posted in Consumer Data, Data Protection, Enforcement, Privacy, State Legislation
Ohio recently became the latest state to consider enacting comprehensive privacy legislation. On July 13, 2021, the Ohio Personal Privacy Act (House Bill 376) was introduced into the Ohio House of Representatives with the backing of Ohio Governor Mike DeWine and Lt. Governor Jon Husted. If passed, OPPA would establish consumer data rights for natural … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part I – M&A

Photo of Craig CarpenterBy Craig Carpenter on Posted in Data Security Incident Response
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is … Continue Reading

Virginia Likely to Become Second State with Comprehensive Privacy Legislation

By Kyle Dull and Kyle R. Fath on Posted in CDPA
With a special session scheduled to begin Feb. 10, Virginia is poised to become the second state to pass comprehensive consumer privacy legislation. The Consumer Data Protection Act (CDPA) passed the Virginia Senate on Friday, Feb. 5, and has been referred back to the Virginia House to be reconciled. Seeing that the House previously passed … Continue Reading

What Can We Learn From the Healthcare Data Breach ‘Wall of Shame’?

Photo of Eric A. PackelBy Eric A. Packel on Posted in HHS, HIPAA/HITECH
In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to report breaches to the Department of Health & Human Services’ (HHS) Office for Civil Rights. But the pain doesn’t end there. … Continue Reading

Navigating the State Data Breach Laws? An Enhanced Resource is Available

Photo of Julie HeinBy Julie Hein on Posted in Breach Notification, Data Breach Notification Laws
In large security incidents, the differences among state breach notification laws usually do not come into play. In smaller matters, where individuals in only a few states are potentially affected, the differences sometimes result in having an obligation to notify individuals in some states but not others. And states have been active in amending their … Continue Reading

The Weekly Privacy Rewind

By Aaron Lancaster on Posted in Weekly Privacy Rewind
Class Actions Google Seeks Dismissal of BIPA Class Action • Google has sought dismissal of a putative class action lawsuit alleging violations of Illinois’ Biometric Information Privacy Act (BIPA). • According to the original complaint, Google allegedly violated BIPA by scanning photos of nonusers uploaded to Google Photos and then “extracting geometric data” of the … Continue Reading

Looking Back: The Federal Trade Commission Issues Annual Data Privacy Report for 2017

By John Busch on Posted in Cybersecurity, Enforcement, News
On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as well as guides data protection strategies for 2018. The report provides a detailed … Continue Reading

SAMHSA Updates Privacy Regulations to Reflect Advancements in Healthcare

Photo of Lynn SessionsPhoto of Kathryn CareyBy Lynn Sessions and Kathryn Carey on Posted in HIPAA/HITECH, Privacy Litigation
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb. 2, 2018. As background, the Confidentiality of Substance Use Discover Patient Records Part 2 protects patient records maintained in connection with any … Continue Reading
LexBlog