Privacy and Security Law – The New Normal

Showing 30 posts by Mitzi L. Hill.

Privacy Laws Heating Up Across the US


2021 may be the year that privacy legislation explodes across the US.  Already, several states including New York, Virginia, and Washington have introduced some form of privacy legislation (many are re-introducing bills that did not pass in 2020).  


California Privacy Rights Act to Spur Additional Privacy Compliance Efforts

CCPA

Many businesses devoted substantial resources to privacy compliance in 2020, thanks to the California Consumer Privacy Act (CCPA).  They will be rewarded for that effort: during the fall election, Californians approved a ballot initiative that will strengthen the CCPA, dedicate billions of state dollars to privacy enforcement, and create a new enforcement agency for personal privacy rights.


Threat Actor in Iran Acting Against Certain VPN Products

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have published a warning regarding attacks on certain VPN products by a known threat actor based in Iran. The CISA warning is here for reference. Once it has exploited the specified vulnerabilities, the threat actor is able “to gain initial access to targeted networks and then maintained access within the successfully exploited networks for several months using multiple means of persistence,” according to CISA.


EU Data Transfers Under Fire

News emerged this week that the Irish data authority will order Facebook to stop using data and information about Irish residents in the US. This development is part of a long-running saga between the EU and the US about what constitutes “adequate” protection of personal data about European individuals. If your company has employees, customers, or suppliers in Europe and relies on contracts, government certification, or other formal mechanisms to allow you to use data about those individuals on systems located in the US, the Facebook news and related issues may be relevant.


New Phishing Scam Targeting Remote Workers

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning regarding a new “voice phishing” scam arising from the massive shift to teleworking during the pandemic. Under the new scheme, threat actors posing as the company IT department call workers and request usernames and passwords for the company’s systems in order to log into a new VPN link. The “bad guys” then have access to the company’s existing VPN and log in as if they are legitimate employees.


California Consumer Privacy Act Implementing Regulations Now Final

Posted In CCPA

Earlier this summer, the Attorney General of California issued draft regulations to clarify and expand certain parts of the California Consumer Privacy Act (CCPA). On August 14, the draft regulations took effect. This means that, two years after its tumultuous drafting and passage, the full CCPA and its associated regulations are in effect. In addition, the Attorney General now has a full set of rules to enforce regarding how companies collect, use, and store “personal information” of California residents.


CCPA Now Enforceable by California AG; New Regulations Require Attention

Posted In CCPA

July 1 has arrived, which means that the California Attorney General (AG) may now enforce the state’s recently-enacted privacy statute, the California Consumer Privacy Act (CCPA).  Because of the breadth of the law, and the multiple evolutions of its requirements, this is a good time to check in on your compliance – even if you did some footwork at the end of 2019 in anticipation of the new law – to ensure that you are up to date with all the new elements of the CCPA. 


Some Legal Considerations for Zoom and Teleconference Meetings

The swift proliferation of Zoom and similar teleworking tools, due to the enforced work-at-home environment, has brought a number of security headaches with it. In addition to security, there are also other areas of risk to think through and manage. Below is a list of some of those areas, and recommended steps to mitigate associated risks.


Business Continuity During Coronavirus Lockdowns: Am I an “Essential” Business?


With at least one in four Americans living under lockdown orders due to the Covid-19 pandemic, a new question has started to affect many US companies: can my company stay open during a lockdown?


Medicare Telehealth Waivers During the Covid-19 Emergency

My colleague Dan Brown wrote an interesting post on recent virus-related Medicare telehealth waivers. Of particular interest to those in the privacy arena are the HIPAA waivers in point 2 of the post.
