State and Local

On September 22, the California Privacy Protection Agency—the new agency established by the California Privacy Rights and Enforcement Act (CPRA)—released an Invitation for Preliminary Comments on Proposed Rulemaking. The CPRA amends and extends the CCPA and the privacy obligations for entities that do business in California that flow from it, including establishing the privacy agency […]

For businesses awaiting guidance on how to comply with the California Privacy Rights Act (CPRA), the new California Privacy Protection Agency (CPPA) began the rulemaking process on September 22, with an Invitation for Preliminary Comments on Proposed Rulemaking. In the invitation, the CPPA specifically highlights eight areas in which the agency is particularly interested in […]

The California Privacy Protection Agency refreshed its invitation for public comments on the California Privacy Rights Act regulations. It clarified that commenters can comment on the enumerated topics we discussed here or any others. The deadline for the comments is November 8, 2021. More at Covington & Burling

We have written here previously about the dramatic increase in cyberattacks on companies of all types since the start of the COVID-19 pandemic. Indeed, by some estimates, ransomware attacks have increased over 90% during the first half of 2021 compared to the same period last year. As these and other types of cyberattacks have increased, […]

On August 24, California’s attorney general Rob Bonta issued a guidance bulletin to health care providers reminding them of their compliance obligations under the state’s health data privacy laws, and urging providers to take proactive steps to protect against cybersecurity threats. This guidance comes, in part, as a response to federal regulators sounding the alarm […]

The California Privacy Protection Agency (CPPA), which is responsible for issuing regulations implementing the California Privacy Rights Act (CPRA), has posted its approved discussion draft for seeking public comments in preparation for its CPRA rulemaking activities.  The CPPA indicated that it is particularly interested in receiving comments on the following eight topics: Determining what processing […]

California’s new Attorney General Rob Bonta has stepped up enforcement of the CCPA, and we have compiled a checklist based on CCPA enforcement actions taken. The California OAG appears to have been targeting, in particular, the public disclosures companies make regarding handling of personal information, as well as maintaining effective, proper and streamlined methods for […]

Local election officials are often underfunded or lack the expertise to protect their systems from cyber threats. In response, several states – so far including Florida, Illinois, Iowa, Massachusetts, Michigan, Minnesota, and Ohio – have launched “cyber navigator” programs to assist them. These offer qualified experts who can serve as contacts, offering guidance to local […]

On August 13, 2021, Canada’s Office of the Superintendent of Financial Institutions (OSFI) issued a new advisory on Technology and Cyber Security Incident Reporting. The 2021 Advisory replaces OSFI’s guidance from 2019 on how and when federally regulated financial institutions (FRFIs) are required to notify OSFI about technology or cybersecurity incidents. In general, the 2021 […]

Indiana officials say that an unauthorized party recently accessed the personal information of about 750,000 state residents from a COVID-19 contact-tracing database, identifying it as a cybersecurity vendor “that intentionally looks for software vulnerabilities, then reaches out to seek business.” They say the vulnerability was immediately corrected after the breach, but the company – independently […]