Robinson+Cole's Data Privacy + Cybersecurity Team

California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enacted comprehensive privacy laws, which will take effect in 2023. Recently, the International Association of Privacy Professionals (IAPP) released its state privacy legislation tracker.

In a recent report by the Association of Corporate Counsel, a survey of chief legal counsels provided confirmation of what we’ve been saying for a while: expectations of increased regulatory enforcement, and privacy and cybersecurity are driving organizations to dedicate more efforts to compliance. In fact, 64 percent of those surveyed responded that they expected

The European Union’s General Data Protection Regulation (GDPR) first launched the concept of data minimization, which states that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. This seems like a simple concept: an entity should only collect personal information that is

The office of the Colorado Attorney General, Phil Weiser, recently issued a data security best practices guidance document as part of his office’s role in “implementing and enforcing data security and data privacy laws.” In recent remarks on Data Privacy Day on January 28, 2022, the Attorney General (the AG) discussed the upcoming rulemaking process

The Federal Energy Regulatory Commission (FERC) is tasked with keeping our electric grid safe and maintaining reliable and secure energy for U.S. consumers. On January 20, FERC issued a Notice of Proposed Rulemaking (NOPR) that proposes to strengthen its Critical Infrastructure Protection Reliability Standards by requiring internal network security monitoring for high and medium impact

Mobile health apps are growing in popularity and their number is increasing every year. Many of us find it convenient to use an app to schedule medical appointments, check medical records, track and store health data, and check symptoms. App developers have always needed to be mindful of protecting the privacy of the information that

This is the time of year for thought pieces reflecting on the past year or so to speculate on the hot topics for next year. I began to wonder about California Consumer Privacy Act (CCPA) enforcement actions over the past year as this was something that we speculated about not that long ago. The California

The Department of Homeland Security (DHS) announced a “bug bounty” program on December 14, 2021,  called “Hack DHS.” Yes, you read that right. DHS is actually going to invite select cybersecurity “hackers” to try to hack into its systems. DHS created the program to “identify potential cybersecurity vulnerabilities within certain DHS systems and increase the

Massachusetts Governor Charlie Baker and Rhode Island Governor Dan McKee recently announced that they are considering implementing vaccine passport programs in their respective states. Baker stated that he is working with other states to use a QR code system that allows users to scan to verify vaccination status. In Rhode Island, the Department of Health