Kentucky Governor Andy Beshear recently signed House Bill 474 to become the latest state to enact data insurance security legislation. The new law is modeled after the data security law of the National Association of  Insurance Commissioners (NAIC). Licensees with more than 50 employees who are authorized to operate, or are registered under the insurance

Governor Glenn Youngkin of Virginia recently approved legislation to amend the Virginia Consumer Data Protection Act (VCDPA). In a time when data privacy bills creep through state legislatures only to die in committee, Virginia has not only passed a privacy law, but has also now amended that law. Three bills were recently signed by the

At the International Association of Privacy Professionals Global Privacy Summit earlier this week, Federal Trade Commission Chair Lina Khan rounded out her first year on the job by calling out “overwhelming” consumer privacy policies. While nearly every company online must post a privacy policy, many of these policies are written in dense legal jargon that

This week we learned that the email and social media marketing company Mailchimp suffered a data breach that allowed an intruder to view 319 Mailchimp accounts. According to multiple sources, audience data were accessed from 102 of those accounts.

It was reported that the threat actor was able to breach Mailchimp’s systems through social engineering

Private employers in New Jersey need to be aware of the latest employee privacy law that will take effect on April 18, 2022. A3950 prohibits employers from knowingly using a “tracking device” in a vehicle used by an employee without providing written notice to the employee.

Employers that violate this new law can be subject

Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the computer system; (2) necessary to discover the scope

We all know businesses collect our data. But did you know that businesses can draw inferences from those data to determine whether a consumer is married, or is a homeowner, or is a likely voter? Recently, the question arose whether those inferences constitute personal information under the California Consumer Privacy Act of 2018 (CCPA or

New York recently passed legislation to amend the definition of elder abuse to include identity theft. This is important as an acknowledgement of the seriousness of the problem of identity theft involving the elderly, and the legislation will also allow victims of identity theft to be eligible for resources that provide support services and programs