Posts Categorized: Data Protection

California Consumer Privacy Act to Go Into Effect January 1, 2020

On January 1, 2020, the California Consumer Privacy Act (the “CCPA”) will go into effect as previously reported.  The law will largely set the standard for data privacy in the United States as it will apply not just to California businesses over certain thresholds but to all businesses that do business in California, including internet… Read more »

EU GDPR Shows Teeth

In case one got the impression that the EU’s General Data Protection Regulation (the “GDPR”) was toothless, the U.K.’s Information Commissioner’s Office (the “ICO”) announced on July 9, 2019 that it would fine Marriott International over 99 million pounds ($124 million).  The fine is in relation to a 2018 breach for failing to examine and… Read more »

California Adopts New Data Privacy Law

In late June, the California legislature adopted, and Governor Jerry Brown later signed into law, the California Consumer Privacy Act of 2018.  See website.  The new law was adopted shortly after the effectiveness of the EU’s General Data Protection Regulation (the “GDPR”), and in the wake of public outcry over data protection violations.  While it… Read more »

EU General Data Protection Regulation To Go Into Force

The EU General Data Protection Regulation (the “GDPR”) is scheduled to go into force on May 25, 2018.  The GDPR replaces existing data protection laws throughout the EU, and tightens the requirements that apply to businesses that collect and use personal data.  While a full understanding of the GDPR is beyond the scope of this… Read more »

NY Department of Financial Services Publishes Revised Cybersecurity Rules

As reported previously, the NY Department of Financial Services (the “NYDFS”) published proposed comprehensive cybersecurity rules that would apply to financial institutions holding a state license.  On December 28, 2016, the NYDFS published revised rules, taking into account some, but not all, of the objections to the original rules.  The new rules have a 30… Read more »

NY Department of Financial Services Proposes New Cybersecurity Rules

In September of 2016, the NY Department of Financial Services (the “DFS”) proposed rules to require anyone operating under the NY banking law, insurance law or financial services law (a “Covered Entity”) to adopt a cybersecurity program and a cybersecurity policy, to appoint a chief information officer (a “CIO”), to do penetration and vulnerability testing,… Read more »