Massachusetts AG Creates “Data Privacy and Security Division”; What Enforcement Changes Will Follow?

Massachusetts Attorney General Maura Healey recently announced the creation of the Data Privacy and Security Division within her office, with the stated goal of “protect[ing] consumers from the surge of threats to the privacy and security of their data in an ever-changing digital economy.”

The leadership of the Office of the Attorney General’s (OAG’s) privacy and security efforts will not change:  Sara Cable,… More

Privacy Shield: We’ve Lost the EU but We’ve Still Got Switzerland!

In the wake of the Schrems II decision invalidating the the EU-US Privacy Shield, the US Department of Commerce has decided it should make lemonade out of the Schrems lemons.  The Department recently issued a set of FAQs, which go on at length about how the Swiss-US Privacy Shield is still in place and the steps that businesses can take to participate:

The Swiss-U.S.… More

A “Time of Heightened Tensions”: Homeland Security and National Security Agency Issue Joint Cybersecurity Alert

On July 23, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), joined by the National Security Agency (NSA), issued a cybersecurity alert to operators of critical infrastructure.  This cybersecurity alert outlines a series of “immediate actions” companies should take to reduce the risk of operational interference resulting from cyberattack. Unlike the bulletin issued by the Department of Homeland Security in January of 2020,… More

FERC NOI Considers Expansion of Cybersecurity Rules to Distributed Generation

On Wednesday, June 24, 2020, the Federal Energy Regulatory Commission (FERC or “the Commission”) published a Notice of Inquiry (NOI) in the Federal Register soliciting comments on Federal Energy Regulatory Commissionpotential enhancements to the Critical Infrastructure Protection (CIP) Reliability Standards[1] that currently exist to help our energy infrastructure protect itself from attack. (Initial Comments are due by August 24, 2020, and Reply Comments are due by September 22,… More

Privacy Shield No Longer Viable Basis for EU-US Data Transfers

On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under the European General Data Protection Regulation (GDPR). Entities that relied on the Privacy Shield will immediately need to find another basis for their EU-US personal data transfers.… More

Watch Now: Maintaining Privacy and Data Security in the Remote Workplace

The coronavirus pandemic has required a rapid and dramatic shift to remote work, raising important implications for workplace privacy and information security. Some of these concerns are new; others are the same concerns that employers have always held, now amplified by the increasingly blurred lines between work and home. All of these concerns will remain as the workplace travels from the office to the home and, in the near future,… More

Watch Now: CCPA Enactment: What Stays the Same and New Privacy Concerns After COVID-19

Chris Hart and Colin Zick, both Partners at Foley Hoag and Co-Chairs of the Privacy and Data Security Practice joined Mass Technology Leadership Council for their regular update on CCPA and other global and state privacy regulations.

This program, which was planned prior to the COVID-19 outbreak in the US, did provide an update on what California is currently enforcing and who is leading the charge.… More

Privacy v. Speech? Supreme Court to Weigh in on TCPA Restrictions on Automated Calls

The Supreme Court on May 6, 2020 heard oral argument on a widely-watched First Amendment case that may have broad ramifications for the Telephone Consumer Protection Act and, potentially, government restrictions on telecommunications more broadly.

Originally passed in 1991, the Telephone Consumer Protection Act is enforced by the Federal Communications Commission and contains various restrictions on telemarketing, including the use of auto-dialers (sometimes called “robocallers”).  The FCC has strengthened the law’s restrictions over time and adapted them to newer communications technologies,… More

GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents

On March 21, 2020, the last of the features of the NY Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) became effective:  its data security requirements.  The SHIELD Act is a sweeping statute governing individual rights relating to data breaches.  It was adopted in July 2019 and has been rolled out in the months since then:  its breach notification provisions took effect on October 23, 2019, and its data security requirements have now taken effect. … More