Author

Harry Valetk

Browsing

In the United States, a significant legislative trend is on the horizon for insurers in 2020: a new breed of state privacy and cybersecurity laws. In the absence of federal intervention, a growing number of state legislatures are enacting laws and regulations modeling California’s Consumer Privacy Act for all businesses, and, in parallel, prescribing privacy and cybersecurity requirements directed at insurers. To help insurers stay ahead of the curve, we summarize below several cybersecurity measures…

On February 7, 2020, the California Attorney General released its revised draft implementing regulations for the California Consumer Privacy Act. The revised regulations are not yet final. The California AG will accept written comments regarding the updated regulations until 5:00 pm (PST) on Tuesday, February 25, 2020. The following is a high-level overview of the key new requirements under the updated regulations that are important for businesses to consider in connection with their CCPA compliance…

On midnight January 31, 2020, the United Kingdom’s law formally governing its exit from the European Union went into effect.  From a data protection perspective, however, Brexit has not resulted in any changes in law.  In fact, The EU Withdrawal Agreement implements a transition period to resolve post Brexit concerns and other formalities through December 31, 2020.  During that time period, most EU law (including GDPR) will continue to apply, and, presumably, the UK will…

On January 7, 2020, the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) announced its 2020 Examination Priorities that included cybersecurity practices. Soon after the publication of the OCIE Examination Priorities, on January 27, 2020, OCIE followed-up with a report entitled Cybersecurity and Resiliency Observations These two OCIE releases, along with prior SEC alerts and actions, provide strong indications that the SEC, in 2020, will be ramping up its focus…

In recent years, South Korea has become synonymous with some of the strictest data protection laws and regulatory requirements in the region. The laws are regulated by the Korea Communications Commission (KCC), the Ministry of the Interior and Safety (MOIS), and other sector-specific supervisory authorities. Recent amendments to these three laws have resulted in stricter penalties, as well as criminal prosecution for data security breaches. Privacy Officer found guilty of criminal negligence for failing to…

The Federal Trade Commission (FTC) finalized settlements with five companies for claiming EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield certification. Those companies included organizations focused on providing workforce solutions, collaboration platforms, artificial intelligence analytics, clinical trial management, and other IT providers. The actions In each case, the FTC alleged that each company wrongfully claimed current certification under either the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield. Both frameworks establish a mechanism for companies to legally…

The Federal Trade Commission finalized a settlement with cloud software provider InfoTrax Systems, L.C. following claims that it failed to enact sufficient data security policies, enabling a hacker to access sensitive personal data. The security incident According to the FTC, a hacker was able to access InfoTrax System’s server over 20 times from May 2014 to March 2016, successfully obtaining sensitive personal data, which could be used to commit identity theft and fraud. The FTC…

What does this mean for covered businesses? Two important privacy law developments took place last week in California. On 10 October 2019, the California Attorney General (AG) published its proposed regulations under the California Consumer Privacy Act (CCPA), and on 11 October 2019, Governor Gavin Newsom signed several bills that were passed in mid-September amending the CCPA (click here for a summary of those amendments). In this alert, we summarize some of the key requirements…

Earlier this year, California enacted a new first-of-its-kind disclosure law, the Bolstering Online Transparency Act (B.O.T. Act) (Cal. Code BPC § 17940 et seq.), which became effective on July 1, 2019. The B.O.T. Act prohibits the use of a bot to communicate or interact with California residents online, where the intent is to mislead individuals about the bot’s artificial identity, to knowingly deceive individuals about the content of the communication, in order to incentivize a…

On 25 July 2019, the New York Governor, Andrew Cuomo, signed into law the “Stop Hacks and Improve Electronic Data” Act (S.6933-B) (SHIELD). When it becomes effective, SHIELD will provide stronger protections for New Yorkers by imposing strict cybersecurity requirements on all companies that handle their private information, even if those companies are located elsewhere. SHIELD updates New York’s existing privacy protection laws governing data breach notification requirements, consumer data protection obligations, and broadens the…