A data security incident will always require a technical response, and usually that technical response will come from outside experts. Those experts are hired to investigate and remediate an incident. Since data incidents can lead to government investigations and litigation, the question is whether digital forensics reports from those vendors — and the communications around those reports — will be subject to discovery when litigation occurs. A recent decision in this important and evolving area of case law makes clear that protecting those reports and communications is very difficult,… More
Monthly Archives: August 2021
Colorado Becomes that Latest State to Adopt a New Data Privacy Law
On July 7, 2021, Governor Jared Polis signed into law the Colorado Privacy Act (CPA), making Colorado the most recent state to enact comprehensive privacy legislation. While the CPA does not take effect until July 1, 2023, it contains robust provisions that businesses will need some time to prepare for.
The CPA draws many principles from and has a similar framework to the California Consumer Privacy Act (CCPA),… More
China Adopts New Data Security Law
On June 10, 2021, China adopted a new Data Security Law that will impact every business operating in or doing business with China. The law, which will take effect in less than a month (September 1, 2021), is sweeping in scope, imposes extensive data processing obligations, and establishes potentially severe penalties for violations. Although many of the details surrounding implementation remain unclear, given the law’s extensive requirements and severe penalties for noncompliance,… More