Cybersecurity 2020 — The Year in Preview: The Energy Sector’s Growing Vulnerability to Cyberattack

Editors’ Note:  This is the second in our fourth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year.  Our previous entry discussed the CCPA.  Up next:  a look at the effect of Brexit on the GDPR.

The electric power grid is subject to escalating threats of attack by foreign adversaries and individual bad actors. … More

CCPA: Q&As for Investment Advisers and Private Fund Managers

As you may already be aware, the CCPA goes into effect on January 1, 2020. California’s Attorney General has issued draft regulations under the CCPA and final regulations are expected to be issued shortly. Below are some frequently asked questions and answers about the CCPA as a short guide to assist you with understanding what the CCPA may require.

What is the CCPA?

It is the new California Consumer Privacy Act (CCPA) that creates new “consumer” rights relating to the access to,… More

Cybersecurity 2020 — The Year in Preview: Top 11 CCPA Developments to Watch Out for in 2020

Editors’ Note:  This is the first in our fourth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year.  Up next:  a look at trends in the energy space.

Lists of “top” things used to come in a standard size of 10: The 10 Commandments, 10 Things I Hate About You, David Letterman’s Top 10,… More

Presentation: GDPR and Health Care

Partner Colin Zick recently joined a Bloomberg Law webinar on GDPR and healthcare.  Topics included: GPDR compliance requirements impacting the health care industry, the costs of data privacy and security failures and strategies for developing data privacy programs for GDPR compliance specific to health care. Click here to download the materials. More

InfoTrax Systems Settles FTC Allegations It Failed to Safeguard Consumer Data

InfoTrax Systems, a Utah-based technology company, has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the company failed to put in place reasonable security safeguards, which allowed a hacker to access the personal information of a million consumers.  InfoTrax Systems, L.C., provides back-end operation services to multi-level marketers. This includes such services as compensation, inventory, orders, accounting, training,… More

Countdown to CCPA: Foley Hoag Podcast Series Number 2

The passage of the California Consumer Privacy Act (CCPA) was a seismic event in U.S. data privacy law. CCPA has an expansive, rights-based approach to privacy, with national and international ramifications.

Foley Hoag attorneys Colin ZickChris Hart, Yoni Bard and Scott Bloomberg present a second podcast discussing the latest developments with the CCPA. Click here to listen to part one.

CCPA Amendments – and a Ballot Initiative on the Horizon

October brought three new developments to California’s comprehensive data privacy law, the California Consumer Privacy Act (“CCPA” or “Act”).  First, the state enacted a series of amendments to the CCPA that both clarify ambiguities and create new exceptions.    Second, we learned that the organization whose 2018 ballot initiative pushed California to enact the CCPA is planning to introduce another data privacy ballot initiative in 2020.  Finally, California’s Attorney General published draft regulations for notice and comment.… More

Presentation: MaHIMA Dot Wagg Memorial Legislative Seminar

Partner Colin Zick recently spoke at the MaHIMA Dot Wagg Memorial Legislative Seminar on HIPAA updates. Click here to download the slides. Topics included: HIPAA FAQs on right of access, CMS interoperability and the patient access proposed rule, HIPAA enforcement trends, the proposed AKS safe harbors, and more. More

Lessons Learned From The Greek Supervisory Authority’s PwC Decision on Employee Data Under GDPR

On 26 July 2019, the Greek Supervisory Authority (SA) found Pricewaterhouse Coopers (“PwC”) not compliant with General Data Protection Regulation (GDPR) in relation to the processing of its Greek employees’ personal data. The SA issued a €150,000 fine and an injunction requiring PwC to take measures to comply within three months (which is has apparently done). A summary of the decision in English is available on the Greek SA’s website.… More