In our previous blog, we featured the California Privacy Rights Act’s Enhanced Cybersecurity Safeguards.[1] We now highlight significant privacy safeguards under the California Privacy Rights Act (“CPRA”) that will require advance planning in preparation for its January 1, 2023 effective date.[2] These new requirements will impact the collection and use of personal information across each organization. In particular, businesses, at a minimum, will need to assess and plan for:
- the effective implementation of data minimization policies, practices, and ...
The California Privacy Rights Act (“CPRA”) leaps forward on cybersecurity by amending the California Consumer Privacy Act (“CCPA”) to impose enhanced protections. The CPRA enhancements apply to “for profit” companies and other organizations: (a) with more than $25 million in gross revenues in the preceding calendar year, or (b) that annually buy, sell or share the personal information of 100,000 or more consumers or households, or (c) that derive at least 50 percent of their annual revenue from selling or sharing consumer personal information ...
Our colleague Stuart Gerson recently authored an article in the Washington Legal Foundation’s Legal Backgrounder that will be of particular interest to our readers focused on privacy and cybersecurity: “Federal Preemption: An Essential Component of an Effective National Data-Security and Privacy Regime.”
Following is an excerpt:
Significant data breaches at every level of national life have pushed the privacy and security of personally-identifiable information (PII) to the forefront of state and federal policymakers’ agendas. In the interests of efficiency and ...
The European Union’s (“EU’s”) General Data Protection Regulations (“GDPR”) go into effect on May 25, 2018, and they clearly apply to U.S. companies doing business in Europe or offering goods and services online that EU residents can purchase. Given that many U.S. companies, particularly in the health care space, increasingly are establishing operations and commercial relationships outside the United States generally, and in Europe particularly, many may be asking questions akin to the following recent inquiries that I have fielded concerning the reach of the ...
It is highly likely that the National Association of Insurance Commissioners (“NAIC”) will adopt a model data cyber security law premised largely on the New York State Department of Financial Services (“NYSDFS”) cyber security regulations. Recently, we discussed the NYSDFS’ proposed extension of its cyber security regulations to credit reporting agencies in the wake of the Equifax breach. New York Governor Andrew Cuomo has announced, “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be ...
Our colleague of Epstein Becker Green authored an article in Confero, titled “Managing Employee Benefits in the Face of Technological Change.”
Following is an excerpt - click here to download the full article in PDF format:
There are many employee benefits challenges facing employers today, from determining the scope and scale of traditional benefits programs to offer that will attract, motivate and retain multigenerational employees, to embracing new models for defining and providing benefits, while simultaneously managing costs. In the midst of ...
New York State has issued proposed regulations extending existing regulations requiring banks and other financial institutions to have in place a comprehensive cybersecurity program to credit reporting agencies. Governor Mario Cuomo announced that “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation.”
Under the proposed regulations, every consumer reporting agency that assembles, evaluates or maintains a consumer credit report on NYS consumers must register with ...
Employers across all industries are deep in the midst of exciting but unchartered and fluid times. Rapid and unforeseen technological advancements are largely responsible for this dynamic. And while there is a natural tendency to embrace their novelty and potential, the reality is that these advancements are often outpacing our regulatory environment, our bedrock legal constructs, and, in some cases, challenging the traditional notions of work itself.
For employers, this presents numerous challenges and opportunities—from the proper design of the portfolio of the modern ...
In a decision emphasizing the need for employers to focus on data security, on June 15, 2015, the U.S. District Court for the Central District of California refused to dismiss a lawsuit filed by nine former employees of Sony Pictures Entertainment who allege the company’s negligence caused a massive data breach. Corona v. Sony Pictures Entm’t, Inc., Case No. 2:14-cv-09600 (C.D. Ca. June 15, 2015).
In November 2014, Sony was the victim of a cyber-attack, which has widely been reported as perpetrated by North Korean hackers in relation for “The Interview,” a Sony comedy ...
Blog Editors
Recent Updates
- Video: Biden’s Final Labor Moves - Employment Law This Week
- Video: Workplace Investigation Protocols - One-on-One with Greg Keating
- Differing Approaches to Earned Wage Access Programs Lead to Regulatory Conflict
- Podcast: Beyond Non-Competes - IP and Trade Secret Assessment Strategies for Employers – Employment Law This Week
- On Trend: New Jersey Hops on the Pay Transparency Bandwagon