Robinson+Cole's Data Privacy + Cybersecurity Team

Kentucky Governor Andy Beshear recently signed House Bill 474 to become the latest state to enact data insurance security legislation. The new law is modeled after the data security law of the National Association of  Insurance Commissioners (NAIC). Licensees with more than 50 employees who are authorized to operate, or are registered under the insurance

Governor Glenn Youngkin of Virginia recently approved legislation to amend the Virginia Consumer Data Protection Act (VCDPA). In a time when data privacy bills creep through state legislatures only to die in committee, Virginia has not only passed a privacy law, but has also now amended that law. Three bills were recently signed by the

This week we learned that the email and social media marketing company Mailchimp suffered a data breach that allowed an intruder to view 319 Mailchimp accounts. According to multiple sources, audience data were accessed from 102 of those accounts.

It was reported that the threat actor was able to breach Mailchimp’s systems through social engineering

Private employers in New Jersey need to be aware of the latest employee privacy law that will take effect on April 18, 2022. A3950 prohibits employers from knowingly using a “tracking device” in a vehicle used by an employee without providing written notice to the employee.

Employers that violate this new law can be subject

The National Institute of Standards and Technology (NIST) recently released a Request for Information (RFI) that seeks to gather information to help evaluate and improve cybersecurity resources for the cybersecurity framework and cybersecurity supply chain risk management.

NIST indicated in its FAQs about the RFI that it is seeking feedback on the following objectives:

  • Evaluate

We all know businesses collect our data. But did you know that businesses can draw inferences from those data to determine whether a consumer is married, or is a homeowner, or is a likely voter? Recently, the question arose whether those inferences constitute personal information under the California Consumer Privacy Act of 2018 (CCPA or

New York recently passed legislation to amend the definition of elder abuse to include identity theft. This is important as an acknowledgement of the seriousness of the problem of identity theft involving the elderly, and the legislation will also allow victims of identity theft to be eligible for resources that provide support services and programs

Do you use 123456 as a password? We hope not, as it was the number one most common leaked password on the dark web according to a recent article from cnbc.com. Other common passwords were 111111, ABC123, and, of course, Password. The list of 20 common passwords was identified by the company, Lookout, from passwords

California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enacted comprehensive privacy laws, which will take effect in 2023. Recently, the International Association of Privacy Professionals (IAPP) released its state privacy legislation tracker.

In a recent report by the Association of Corporate Counsel, a survey of chief legal counsels provided confirmation of what we’ve been saying for a while: expectations of increased regulatory enforcement, and privacy and cybersecurity are driving organizations to dedicate more efforts to compliance. In fact, 64 percent of those surveyed responded that they expected