Tag Archives: security

Massachusetts AG Creates “Data Privacy and Security Division”; What Enforcement Changes Will Follow?

Massachusetts Attorney General Maura Healey recently announced the creation of the Data Privacy and Security Division within her office, with the stated goal of “protect[ing] consumers from the surge of threats to the privacy and security of their data in an ever-changing digital economy.”

The leadership of the Office of the Attorney General’s (OAG’s) privacy and security efforts will not change:  Sara Cable,… More

GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents

On March 21, 2020, the last of the features of the NY Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) became effective:  its data security requirements.  The SHIELD Act is a sweeping statute governing individual rights relating to data breaches.  It was adopted in July 2019 and has been rolled out in the months since then:  its breach notification provisions took effect on October 23, 2019, and its data security requirements have now taken effect. … More

US Security Officials Warning of Cyber Attacks in Wake of Iran Strike

On January 4, 2020, the US Department of Homeland Security posted at National Terrorism Advisory System Bulletin, in the wake of the killing of a senior Iranian military leader by a US drone.  That DHS advisory states:

The United States designated Iran a “State Sponsor of Terrorism” in 1984 and since then, Iran has actively engaged in or directed an array of violent and deadly acts against the United States and its citizens globally.… More

What Do Pumpkin Spice Lattes and National Cybersecurity Awareness Month Have in Common?

What do pumpkin spice lattes and National Cybersecurity Awareness Month have in common?  Not much, other than both should be top of mind in October, but that doesn’t mean that it’s wrong to think about them both in August.

Held every October, National Cybersecurity Awareness Month is a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats.  … More

China’s Internet Regulator Drafts COPPA-Like Rules for Children’s Data Privacy

In early June, the Cyberspace Administration of China released for public comment new draft regulations applicable to the collection of personal information relating to children under 14 by online service providers.

The draft regulations share many of the same structures as those utilized by the Children’s Online Privacy Protection Act (“COPPA”) in the United States:

  • online service operators will have to obtain parental consent based on a comprehensive disclosure about the collection,…
  • More

Privacy and Data Security Strategies for Start-Up Companies

Start-up companies know that, when potential investors kick the tires, they will look carefully at the company’s business model and IP portfolio.  These days, investors are also likely to look at whether the company is in compliance with privacy and data security laws.  Cybersecurity has become increasingly important for business of all sizes.  While identity thieves may focus on the target rich environments of large-scale enterprises,… More

China Expands Its Cybersecurity Regulations

As noted recently in the Wall Street Journal, “New cybersecurity rules will give Chinese authorities sweeping powers to inspect companies’ information technology and access proprietary information—steps that are likely to deepen concerns among foreign businesses about their China operations.”  These regulations were issued pursuant to the Cybersecurity Law of the People’s Republic of China, which came into force on June 1, 2017.… More

Senator Warner’s White Paper Gives Congress Options for Regulating Social Media and Technology Companies

Senator Mark Warner of Virginia has released a white paper outlining policy proposals for regulating social media and technology companies. The paper has gained significance in recent weeks as pressure builds on Congress to pass federal data privacy legislation. In the wake of Europe’s GDPR and California’s Consumer Privacy Act, industry groups, tech companies, and privacy activists alike have urged Congress to act.… More

California Amends its Consumer Privacy Act

On September 23, 2018, California Governor Jerry Brown signed into law SB-1121, a bill that makes several amendments to the Golden State’s landmark Consumer Privacy Act (“CCPA”). California enacted the CCPA in June after legislators reached a last-minute compromise with a group of privacy activists who would have put a more stringent data protection measure on the November ballot. Given the hasty enactment of the law,… More