State data privacy laws Archive
It has been a busy time for cybersecurity pronouncements on both sides of the Atlantic. First there was President Biden’s National Cybersecurity Strategy, then the UK government’s data protection reform bill and its white paper on AI (artificial intelligence), and …
Product liability has been a significant area for class action litigation, with billions of dollars of awards made. Recent litigation includes cases against Johnson & Johnson and Bayer, which began after the organizations’ products were found to increase the risk …
A data breach is a type of security incident that leads to the accidental or unlawful destruction, loss, alteration, authorized disclosure of, or access to, sensitive information. These incidents occur when personal information is mishandled, whether through malicious intent, carelessness, …
This is a guest article by IT Governance USA GDPR Consultant William Gamble. I am one of the few lawyers with an advanced certification in cybersecurity. I help organizations identify and comply with relevant cybersecurity and privacy laws. Four years …
Last month, the U.S. Congress passed the CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022), which requires organizations involved in critical infrastructure to report cybersecurity incidents within 72 hours. Jen Easterly, the head of the CISA (Cybersecurity and …
The United States was once the leader in creating rules curtailing fraud on stock exchanges. One of its most famous rules, Rule 10-b5 codified at 17 CFR 240.10b-5, was created in the 1940s and prohibits acts or omissions resulting in …
The odds of an organization experiencing a cyber security breach are about 30% in any two-year period. A cybersecurity breach can have major, sometimes catastrophic, effects – on an organization’s reputation and even the cost of debt. This makes responding …
Data privacy laws in the United States are notoriously tricky. There are a patchwork of industry-specific federal laws and state legislations whose scope and jurisdiction vary. And to complicate matters further, each state has its own requirements for disclosing security …
Do you operate in Massachusetts? Do you regularly process the personal information of people in the state? If so, you may be aware of a law dating back to 2010 that requires that “every person that owns or licenses personal …
The U.S. Presidential election has left voters grasping for certainty when it comes to executive leadership. What is clear is that voters in California have overwhelmingly approved Proposition 24, also known as the CPRA (California Privacy Rights Act). The CPRA …