Saturday, October 16, 2021

Subscribers Only

Free

California’s New Privacy Agency Kicks Off the New CPRA Rulemaking Process

On September 22, the California Privacy Protection Agency—the new agency established by the California Privacy Rights and Enforcement Act (CPRA)—released an Invitation for Preliminary Comments on Proposed Rulemaking. The CPRA amends and extends the CCPA and the privacy obligations for entities that do business in California that flow from it, including establishing the privacy agency […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

For businesses awaiting guidance on how to comply with the California Privacy Rights Act (CPRA), the new California Privacy Protection Agency (CPPA) began the rulemaking process on September 22, with an Invitation for Preliminary Comments on Proposed Rulemaking. In the invitation, the CPPA specifically highlights eight areas in which the agency is particularly interested in […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

All CPRA Comments due November 8, 2021

The California Privacy Protection Agency refreshed its invitation for public comments on the California Privacy Rights Act regulations. It clarified that commenters can comment on the enumerated topics we discussed here or any others. The deadline for the comments is November 8, 2021. More at Covington & Burling
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

Fall Cybersecurity Enforcement Update: State and Federal Regulators Increase Scrutiny on Victims of Cyberattacks

We have written here previously about the dramatic increase in cyberattacks on companies of all types since the start of the COVID-19 pandemic. Indeed, by some estimates, ransomware attacks have increased over 90% during the first half of 2021 compared to the same period last year. As these and other types of cyberattacks have increased, […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

Under Pressure: California Clarifies Cyber Risk Management Best Practices for Healthcare Sector

On August 24, California’s attorney general Rob Bonta issued a guidance bulletin to health care providers reminding them of their compliance obligations under the state’s health data privacy laws, and urging providers to take proactive steps to protect against cybersecurity threats. This guidance comes, in part, as a response to federal regulators sounding the alarm […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

California Privacy Protection Agency Seeks Comments on Preliminary CPRA Issues

The California Privacy Protection Agency (CPPA), which is responsible for issuing regulations implementing the California Privacy Rights Act (CPRA), has posted its approved discussion draft for seeking public comments in preparation for its CPRA rulemaking activities.  The CPPA indicated that it is particularly interested in receiving comments on the following eight topics: Determining what processing […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

CCPA Enforcement is Picking Up. Are you Ready?

California’s new Attorney General Rob Bonta has stepped up enforcement of the CCPA, and we have compiled a checklist based on CCPA enforcement actions taken. The California OAG appears to have been targeting, in particular, the public disclosures companies make regarding handling of personal information, as well as maintaining effective, proper and streamlined methods for […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

States Hire ‘Cyber Navigators’ for Local Election Officials

Local election officials are often underfunded or lack the expertise to protect their systems from cyber threats. In response, several states – so far including Florida, Illinois, Iowa, Massachusetts, Michigan, Minnesota, and Ohio – have launched “cyber navigator” programs to assist them. These offer qualified experts who can serve as contacts, offering guidance to local […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

OSFI Issues Stricter Reporting Requirements for Technology and Cybersecurity Incidents

On August 13, 2021, Canada’s Office of the Superintendent of Financial Institutions (OSFI) issued a new advisory on Technology and Cyber Security Incident Reporting. The 2021 Advisory replaces OSFI’s guidance from 2019 on how and when federally regulated financial institutions (FRFIs) are required to notify OSFI about technology or cybersecurity incidents. In general, the 2021 […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

Indiana, Cybersecurity Vendor Dispute Circumstances of Data Breach

Indiana officials say that an unauthorized party recently accessed the personal information of about 750,000 state residents from a COVID-19 contact-tracing database, identifying it as a cybersecurity vendor “that intentionally looks for software vulnerabilities, then reaches out to seek business.” They say the vulnerability was immediately corrected after the breach, but the company – independently […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.