The California Attorney General sent a sweep of notices to businesses with loyalty programs alleging noncompliance with the California Consumer Privacy Act.
Effective January 1, 2022, California Senate Bill 41, the Genetic Information Privacy Act (GIPA), imposes requirements on the collection, use, and disclosure of genetic data collected or derived from direct-to-consumer genetic testing products and services.
The EDPB releases guidelines to clarify a simple but surprisingly confusing question, “What is a data transfer under the GDPR?” In light of the new guidelines, businesses should review potential transfer activities and ensure that the proper transfer mechanisms are in place.
On November 17, 2021, the Department of Defense (DoD) published an advanced notice of proposed rulemaking in connection with announced changes to the Cybersecurity Maturity Model Certification (CMMC) for the defense industrial base, styled “CMMC 2.0.”
In a Notice of Inquiry, the FCC is requesting public comment in a proceeding that will help determine the scope and nature of regulation of the “Internet of Things” for the next several decades.
Personal information is one of the most valuable assets held by any organization. When dealing with employee benefits, the type of personal information managed is quite sensitive and, therefore, requires a heightened level of care and an increased value.
In Blackbaud Inc. Customer Data Security Breach Litigation, No. 3:20-mn-02972 (D.S.C. Aug. 12, 2021), a federal judge found that defendant, Blackbaud Inc. was subject to the CCPA despite its motion to dismiss asserting that it did not qualify as a “business” under the Act.
Schiff Hardin LLP is pleased to announce that Partner Adam Diederich has been named among Crain’s Chicago Business’ Notable Rising Stars in Law for 2021.
The Middle District of Pennsylvania recently rejected arguments that a report created in response to a data breach was protected as work-product and/or under attorney-client privilege because:
The Department of Labor (DOL) recently issued new guidance on best practices for maintaining cybersecurity in connection with ERISA plans (the Guidance).
Although the Connecticut legislature was not successful in passing a privacy law similar to those passed in California, Colorado and Virginia, on June 24, 2021, the “Act Incentivizing The Adoption Of Cybersecurity Standards For Businesses” (Public Act No. 21-119 ) (“Cybersecurity Standards Act”)
Colorado passes its own omnibus state privacy law. Although there are overlaps with the California and Virginia privacy laws, the Colorado Privacy Act has its own distinctions and variations, namely a longer cure period and an explicit ban on consent obtained through dark patterns.
Crippling data breaches and sophisticated ransomware attacks are increasingly common threats to modern businesses. Ransomware attacks can not only target confidential company data and data collected from customers but employee data as well.
The legislation updates the Children’s Online Privacy Protection Act (COPPA) by prohibiting internet companies from collecting personal information from anyone 13- to 15-years old without the user’s consent