The Department of Health and Human Services Issues Guidelines on Cybersecurity
On December 28, 2018, the U.S. Department of Health and Human Services (“HHS”) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication (the “Cybersecurity Guidelines”), which provides voluntary cybersecurity practices designed to reduce security risks and improve security for various healthcare organizations. Specifically, the Cybersecurity Guidelines […]
Notes from first CCPA Public Forum in San Francisco
On Tuesday in San Francisco, the California Department of Justice (“DOJ”) held its first of six public forums on the California Consumer Privacy Act of 2018 (“CCPA”) before a packed room of industry representatives and public citizens. The forums are intended to fulfill the Attorney General’s mandate under CCPA to […]
“New” Application to an Old Problem: Pennsylvania Supreme Court’s Ruling Likely to Lead to More Cybersecurity Negligence Lawsuits
Pennsylvania’s Supreme Court (“Court”) cleared a path for employees seeking to hold employers responsible for data breaches affecting their information. The Court found that employers are legally obligated to implement and maintain reasonable security measures to protect employees’ personal data in their possession. The Court’s logic, however, may extend beyond […]
California Attorney General Announces CCPA Workshops
The California State Attorney General’s office announced that it will be holding six rulemaking workshops for the California Consumer Privacy Act of 2018 (“CCPA”). The workshop dates and locations are: January 8 – San Francisco January 14 – San Marcos January 24 – Riverside January 25 – Los Angeles February […]
California Regulates Online Bots
Citing the proliferation of online bots used to deceive consumers and influence voters, the California legislature recently passed the nation’s first law directly regulating online bots. Enacted on September 28, 2018, SB 1001 prohibits use of online bots in a deceptive or misleading manner for certain commercial or political purposes. […]
SEC Poised to Ramp up Cybersecurity Enforcement
On October 16, 2018, the Securities and Exchange Commission (SEC) issued an investigative report signaling its intent to use sections 13(b)(2)(B)(i) and (iii) of the Securities Exchange Act of 1934 (the “Exchange Act”) to pursue enforcement actions against public companies that fail to tailor their internal controls to evolving cyber […]
California Consumer Privacy Act of 2018 – Full Text
For your ease of reference, we reproduce here a formatted, hyperlinked copy of the California Consumer Privacy Act of 2018 (CCPA), current as of February 4, 2020. We’ve included in parentheses the general topic for each section, though this our own interpretation and not set out in the CCPA itself. […]
What the American Bar Association’s Formal Opinion 483 Means for Lawyers
Last week, the American Bar Association’s (“ABA”) Standing Committee on Ethics and Professional Responsibility (the “Committee”) issued Formal Opinion 483 (the “Opinion”) that sets forth the ABA’s opinion concerning the need for lawyers to notify clients of data breaches affecting client confidential data. The opinion outlines certain “reasonable” steps the ABA […]
GDPR DPO University – October 18
On Thursday, October 18, Cooley’s cyber/data/ privacy practice will be holding GDPR DPO University in our New York office. The EU General Data Protection Regulation has required many organizations to appoint Data Protection Officers. With demand for DPOs far outstripping the supply, many newly-minted DPOs need to quickly develop data […]
California’s IoT Security Law – Will this Law Really Improve Security?
California’s legislature recently passed SB-327, which is designed to require Internet of Things (IoT) and other “connected device” manufacturers to implement security features into internet connected devices. California Governor Jerry Brown signed the bill into law on September 28, 2018. While the attempt to improve security of these devices is […]