Leveraging Knowledge to Manage Your Data Risks
U.S. companies are running out of time to comply with a sweeping new Department of Justice (DOJ) rule that limits sharing sensitive personal data with certain foreign countries—including China, Russia, and Iran. With a hard compliance deadline of July 8, 2025, businesses must act quickly to avoid steep civil or criminal penalties.
The rule…
The California Consumer Privacy Protection Agency (CPPA) Board issued a stipulated final order against Todd Snyder, Inc., a clothing retailer based in New York, requiring the company to pay a $345,178 fine and update its privacy program to settle allegations that it violated the California Consumer Privacy Act (CCPA). Specifically, Todd Snyder must update its methods…
PIH Health, a health care entity located in California, suffered a data breach in June 2019 when 45 employee email accounts were compromised in a targeted phishing campaign. The accounts contained the protected health information (PHI) of 189,763 individuals, including their names, social security numbers, driver’s license numbers, diagnoses, lab tests, medications, treatment, claims, and…
Generative Artificial Intelligence (Gen AI) is transforming industries at an unprecedented pace, unlocking new possibilities in automation, creativity, and problem-solving. However, as we look toward 2025, the success and sustainability of Gen AI will depend on one critical element: information governance. Governance frameworks will provide the foundation for ethical AI development and ensure compliance, accountability…
The California Privacy Rights Act (CPRA) expands the definition of personal information as it currently exists in the California Consumer Privacy Act (CCPA). The CPRA adds “sensitive personal information” as a defined term, which means:
(l) personal information that reveals:
(A) a consumer’s social security, driver’s license, state identification card, or passport number;
(B) a…
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion.
On July 23, 2020, the OCR issued a press release outlining the terms of its settlement with Metropolitan Community…
This week we continue our series of articles on the California Consumer Privacy Act of 2018 (CCPA). We’ve been discussing the broad nature of this privacy law and answering some general questions, such as what is it? Who does it apply to? What protections are included for consumers? How does it affect businesses? What rights…
It has long been standard practice to include data privacy and security due diligence in mergers and acquisitions for technology companies. Over the last several years, there has been an increase in data breaches which are costly and damaging to a company’s brand, and therefore, we have seen an uptick in companies including detailed requests…
The use of drones use has grown rapidly in recent years, especially in the commercial sector, where the Federal Aviation Administration projects that the number of units in the commercial small drone fleet will exceed 420,000 units by 2021. As businesses continue to incorporate drones into their everyday operations, they also will want to set…
The National Governors Association released a road map report on December 9 entitled, Getting the Right Information to the Right Health Care Providers at the Right Time: A Road Map for States to Improve Health Information Flow Between Providers. The report aims at reducing the legal barriers that prevent the effective and efficient flow of…
