State data privacy laws Archive
Only three U.S. states have laws protecting biometric data: Illinois, Texas, and Washington. Of those, Illinois’s BIPA (Biometric Information Privacy Act) is the most rigorous, and its rules have led to almost 2,000 class action lawsuits being filed since 2017. …
U.S. organizations might be surprised by the recent onslaught of information security requirements issued by the SEC (Securities and Exchange Commission). It has put forward two proposals aimed at regulating cybersecurity: the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure …
When a new rule or regulation comes into effect, organizations usually have one question: Does it apply to me? For U.S. businesses in the health care industry and defense industry, the answer is rather simple. If the new rule covers …
It has been a busy time for cybersecurity pronouncements on both sides of the Atlantic. First there was President Biden’s National Cybersecurity Strategy, then the UK government’s data protection reform bill and its white paper on AI (artificial intelligence), and …
Product liability has been a significant area for class action litigation, with billions of dollars of awards made. Recent litigation includes cases against Johnson & Johnson and Bayer, which began after the organizations’ products were found to increase the risk …
A data breach is a type of security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, sensitive information. These incidents occur when personal information is mishandled, whether through malicious intent, carelessness, …
This is a guest article by IT Governance USA GDPR Consultant William Gamble. I am one of the few lawyers with an advanced certification in cybersecurity. I help organizations identify and comply with relevant cybersecurity and privacy laws. Four years …
Last month, the U.S. Congress passed the CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022), which requires organizations involved in critical infrastructure to report cybersecurity incidents within 72 hours. Jen Easterly, the head of the CISA (Cybersecurity and …
The United States was once the leader in creating rules curtailing fraud on stock exchanges. One of its most famous rules, Rule 10b-5, codified at 17 CFR 240.10b-5, was created in the 1940s and prohibits acts or omissions resulting in …
The odds of an organization experiencing a cybersecurity breach are about 30% in any two-year period. A cybersecurity breach can have major, sometimes catastrophic, effects – on an organization’s reputation and even the cost of debt. This makes responding …