Photo of Deborah George

Deborah George is a member of Robinson+Cole’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team. Ms. George advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters. She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as drafting and reviewing contracts, business associate agreements, and data use agreements. Read her full rc.com bio here.

Kentucky Governor Andy Beshear recently signed House Bill 474 to become the latest state to enact data insurance security legislation. The new law is modeled after the data security law of the National Association of  Insurance Commissioners (NAIC). Licensees with more than 50 employees who are authorized to operate, or are registered under the insurance

Governor Glenn Youngkin of Virginia recently approved legislation to amend the Virginia Consumer Data Protection Act (VCDPA). In a time when data privacy bills creep through state legislatures only to die in committee, Virginia has not only passed a privacy law, but has also now amended that law. Three bills were recently signed by the

This week we learned that the email and social media marketing company Mailchimp suffered a data breach that allowed an intruder to view 319 Mailchimp accounts. According to multiple sources, audience data were accessed from 102 of those accounts.

It was reported that the threat actor was able to breach Mailchimp’s systems through social engineering

Private employers in New Jersey need to be aware of the latest employee privacy law that will take effect on April 18, 2022. A3950 prohibits employers from knowingly using a “tracking device” in a vehicle used by an employee without providing written notice to the employee.

Employers that violate this new law can be subject

The National Institute of Standards and Technology (NIST) recently released a Request for Information (RFI) that seeks to gather information to help evaluate and improve cybersecurity resources for the cybersecurity framework and cybersecurity supply chain risk management.

NIST indicated in its FAQs about the RFI that it is seeking feedback on the following objectives:

  • Evaluate

We all know businesses collect our data. But did you know that businesses can draw inferences from those data to determine whether a consumer is married, or is a homeowner, or is a likely voter? Recently, the question arose whether those inferences constitute personal information under the California Consumer Privacy Act of 2018 (CCPA or

California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enacted comprehensive privacy laws, which will take effect in 2023. Recently, the International Association of Privacy Professionals (IAPP) released its state privacy legislation tracker.

In a recent report by the Association of Corporate Counsel, a survey of chief legal counsels provided confirmation of what we’ve been saying for a while: expectations of increased regulatory enforcement, and privacy and cybersecurity are driving organizations to dedicate more efforts to compliance. In fact, 64 percent of those surveyed responded that they expected