State and Local

To note the one year anniversary of the California Consumer Privacy Act enforcement date, California Attorney General Rob Banta held a press conference to share key information about enforcement efforts and announce a new consumer privacy tool. There are two key takeaways from this announcement. First, it is important to note that the AG’s office […]

On July 6, 2021, Connecticut enacted a new law that creates a safe harbor for companies that followed certain cybersecurity protocols, in the event there’s a security breach. The law is similar to the one Ohio enacted in 2018. Both laws apply to “covered entities” that possess “personal information” and suffer a “breach of security […]

In reaction to the continued uptick in high profile data incidents, Wisconsin Governor Evers signed into law Act 73, a law establishing cybersecurity requirements for the insurance industry’s protection of data collected. With a stroke of a pen, Wisconsin joins the growing number of states imposing cybersecurity regulations on insurance providers. Insurance Commissioner Mark Afable […]

The Colorado Legislature recently passed the Colorado Privacy Act, joining Virginia and California as states with comprehensive privacy legislation. Colorado Governor Jared Polis signed the bill (SB 21-190) into law on July 7, and it will go into effect on July 1, 2023. How does the measure stack up against the VCDPA and the CCPA […]

On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot the heels of the California Consumer Privacy Act and the newly-enacted California Privacy Rights and Enforcement Act. Virginia’s recent action is […]

Ransomware attacks have been soaring in frequency and severity, affecting companies, government agencies, and nonprofits and leading to larger and larger ransom demands as a condition for unlocking the victim’s information systems. On June 30, 2021, the New York State Department of Financial Services (NYDFS) issued guidance on how potential victims can minimize the risk […]

The New York Department of Financial Services issued has new guidance intended to assist organizations in thwarting ransomware attacks. The guidance clarifies its expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware or unauthorized access to privilege accounts to the NYDFS under its established cybersecurity event reporting […]

On July 7, 2021, Gov. Jared Polis signed into law the Colorado Privacy Act (CPA), which will go into effect on July 1, 2023. Like California’s and Virginia’s data privacy laws, the CPA aims to provide consumers with greater control over their data and enhanced transparency with respect to how their data is used. However, […]

A group of nine associations of state and local government officials has sent a letter to House and Senate leaders of both parties asking them to include a new cybersecurity grant program in some relevant upcoming legislation. The letter cites statistics of growing ransomware attacks, and asks Congress to “authorize and fully fund” a dedicated […]

On July 7, Colorado Governor Jared Polis signed into law the Colorado Privacy Act, a far-reaching statute providing Colorado residents new rights to control the collection, use, and disclosure of their personal information by businesses active in the state. In so doing, Gov. Polis made Colorado the third state, following California and Virginia, to mandate […]