Deborah George

Deborah George

Deborah George is a member of Robinson+Cole’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team. Ms. George advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters. She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as drafting and reviewing contracts, business associate agreements, and data use agreements. Read her full rc.com bio here.

Subscribe to all posts by Deborah George

CCPA Final Proposed Regulations Filed

The California Attorney General submitted the final proposed California Consumer Privacy Act (CCPA) regulations on June 1, 2020 to the California Office of Administrative Law (OAL) for review. According to the Attorney General’s submission, OAL has thirty working days to review the regulations, plus an additional sixty calendar days under the Governor’s Executive Order N-40-20 … Continue Reading

CCPA 2.0 May Be Heading for the November Ballot in California

The consumer group Californians for Consumer Privacy announced on May 4, 2020, that it was submitting well over 900,000 signatures to qualify the California Privacy Rights Act (CPRA) for the November 2020 ballot. This new ballot initiative, which can be reviewed here, creates some additional consumer privacy rights and expands some areas already included in … Continue Reading

New York Department of Financial Services Issues Guidance Regarding Heightened Cybersecurity Awareness During COVID-19 Pandemic

The New York Department of Financial Services (DFS) recently issued guidance to its regulated entities regarding heightened cybersecurity awareness as a result of the COVID-19 pandemic. DFS described three primary areas of heightened risk during this time: remote working, increased instances of phishing and fraud, and third-party risks. With respect to remote working, DFS noted … Continue Reading

Businesses and Trade Groups Seek Delay in CCPA Enforcement Actions

Recently businesses and advertising trade groups wrote a letter to the California Attorney General Xavier Becerra to request delayed enforcement of the California Consumer Privacy Act (CCPA) as a result of the COVID-19 global pandemic. The letter cited the current health crisis as a result of COVID-19 and a state of national emergency as the … Continue Reading

California Attorney General Releases Additional Modifications to Draft CCPA Regulations

On March 11, 2020, the California Attorney General released the second set of modifications to the draft California Consumer Privacy Act (CCPA) regulations. This set of modifications contains deletions to language that was included in the February modifications to the regulations as well as some new language. Notable changes include the deletions of the “do … Continue Reading

Department of Health & Human Services Office for Civil Rights Issues Guidance Regarding HIPAA Privacy and Novel Coronavirus

The Office of Civil Rights (OCR) last month provided guidance and a reminder to HIPAA covered entities and their business associates regarding the sharing of patient health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule during an outbreak or emergency situation such as what we are all facing right now … Continue Reading

OIG Audit Finds that Majority of Part D Providers Surveyed Used E1 Transactions for Potentially Inappropriate Purposes

The Centers for Medicare and Medicaid Services (CMS) requested an audit by the Office of Inspector General (OIG) of Medicare Part D eligibility verification transactions (E1) transactions. The OIG recently released its report which found that the majority of the providers evaluated used E1 transactions for some inappropriate purpose other than to bill for a … Continue Reading

The Washington Privacy Act – Re-Introduced for 2020 – Is it the Best of CCPA and GDPR?

Washington legislators recently introduced the Washington Privacy Act (WPA). This legislation is a consumer-focused privacy law similar to the California Consumer Privacy Act (CCPA) but it also has some European Union General Data Protection Regulation (GDPR)-like concepts. The WPA protects personal data in much the same way as the CCPA, but with some significant differences. … Continue Reading

California Attorney General Releases Modified Draft CCPA Regulations

On February 10, 2020, the California Attorney General’s Office released modified California Consumer Privacy Act (CCPA) regulations. There are some notable differences in the regulations from the first draft, which can be seen in this redlined version. This article will highlight some of the new language added in the latest draft of the regulations. What’s … Continue Reading

IoT Manufacturers – What You Need to Know About California’s IoT Law

California has a privacy law that took effect on January 1, 2020, and it’s not the California Consumer Privacy Act (CCPA). This new privacy law regulates Internet of Things (IoT)-connected devices. SB 327 was enacted in 2018 and became effective on January 1, 2020. The California IoT law requires manufacturers of connected devices to equip … Continue Reading

NIST Releases Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management

The National Institute of Standards and Technology (NIST) released its first privacy framework tool  (the Privacy Framework) on January 16, 2020. In the Executive Summary, NIST states that with the unprecedented flow of data of individuals through a complex digital ecosystem, individuals may not be able to understand the potential consequences for their privacy as they … Continue Reading

Knowledge is Power: California Attorney General Issues Advisory on the CCPA

California Attorney General Xavier Becerra said last week that “knowledge is power, and in today’s world knowledge is derived from data. When it comes to your own data, you should be in control…” These words came in an Advisory highlighting California consumers’ rights under the California Consumer Privacy Act (CCPA). The Advisory outlined several areas … Continue Reading

CCPA Recap for the New Year

After much anticipation and trepidation, the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Many companies are understandably still grappling with the details of the law, the amendments, and the proposed regulations and how to comply with them. If you have not determined whether the CCPA applies to your company, and … Continue Reading

FTC Settles First Case Involving Stalkerware

Would you hand over your smartphone, including your call history, text messages, photos, GPS locations, and browser history to your employer? To your significant other? How about to a random stranger? I’m guessing your answer is an overwhelming “No” to each of these questions. Stalkerware and stalking apps do just that. Both are spyware that … Continue Reading

CCPA News: Amendments Signed into Law by the California Governor and Draft Regulations Released by the State’s Attorney General

Last week was a busy week for the California Consumer Privacy Act (CCPA), as Attorney General Xavier Becerra released draft regulations on October 10 and Governor Newsom signed several pending CCPA amendments into law on October 11.  The CCPA amendments clarified several important issues, including: employee information and business-to-business (B2B) communications are exempt from the … Continue Reading

From California to Nevada: Another State Privacy Law That You Need to Know

While we’ve discussed the California Consumer Privacy Act (CCPA) at length, Nevada was busy amending its internet privacy law and in the process beat California’s deadline for the effective date by three months. Nevada’s SB 220 is effective as of October 1, 2019. This law prevents covered operators from selling individual’s personal information and allows … Continue Reading

Cybersecurity and the Electric Grid – New GAO Report Identifies Actions Needed to Address Cybersecurity Risks

The United States Government Accounting Office (GAO) recently issued a report on the cybersecurity risks facing the electric grid. The GAO reviewed the cybersecurity of the electric grid to determine the risks and challenges facing the grid, to describe federal efforts to address those risks, to assess the extent to which the Department of Energy … Continue Reading

CCPA Draft Regulations Expected in October

Bloomberg Law reported this week that California Attorney General Xavier Becerra expects to issue draft regulations for the California Consumer Privacy Act (CCPA) in October. Bloomberg reported that AG Becerra told reporters the regulations would be published next month. Businesses and consumers will then be able to submit public comments to the regulations. Bloomberg also reported … Continue Reading

NIST Privacy Framework Draft Released

The National Institute of Standards and Technology (NIST) recently released its draft Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework). What is the NIST Privacy Framework? First, let’s begin with what is NIST? NIST was founded in 1901 and is now part of the U.S. Department of Commerce. According to … Continue Reading

Court Finds That Insurer’s Quote Implied Coverage for Computer Hacking Losses

In an interesting case from Indiana, a court recently ruled that language in the insurer’s “quotes” for coverage in a crime policy led the insured to believe that losses for computer hacking would be covered under the policy if the insured purchased coverage. The case, Metal Pro Roofing, LLC v. Cincinnati Insurance Company, 2019 WL … Continue Reading

Can You Really Protect Against Ransomware?

We’ve written a few times recently about municipalities, companies, and government agencies hit with ransomware attacks this year. In early July, it was reported that a court system in Georgia was attacked with ransomware, causing lawyers, court employees and the public to have to rely on “old school” paper to file pleadings and keep the … Continue Reading

Oregon’s New IoT Law

Oregon became the latest state to require manufacturers of internet “connected devices” that make, sell or offer to sell the devices in the state to equip the device with “reasonable security features” according to Oregon House Bill 2395 amending ORS 646.607. According to the law, “[R]easonable security features” means methods to protect a connected device … Continue Reading
LexBlog