Cyber Security, Information Governance & Privacy

Privacy and cybersecurity should be considered as organizations think about how to tackle the effects of the coronavirus (“COVID-19”) outbreak. Questions to consider include: (1) What is considered “reasonable security procedures” when businesses are forced to abruptly shift to a remote workforce? (2) How should businesses balance employees’ privacy rights against the need to keep

In the wake of many cities issuing tighter restrictions to slow the spread of the coronavirus (“COVID-19”), the Cybersecurity and Infrastructure Security Agency (“CISA”) has issued guidance on the identification of “essential critical infrastructure workers.” It is important to ensure continuity of functions that are critical to public health and safety, as well as economic

As the coronavirus (“COVID-19”) continues to spread, businesses are pushed to make swift decisions that impact not only business operations, but also the privacy and security of employees’ personal information. In times like these, the Fair Information Practice Principles (“FIPPs”) should be every organization’s guiding light.

The FIPPs are principles that address the privacy of

Many privacy and data protection statutes require businesses to implement “reasonable security procedures” to protect personal information. See, e.g., Cal. Civ. Code § 1798.81.5 (requiring businesses that own, license, or maintain personal information about a California resident to implement and maintain reasonable security procedures and practices appropriate to the nature of the information).

In efforts to address the spread of the coronavirus in the European Union, employers and public health authorities, among others, have been processing an increased volume of personal data. In response to this, data regulators from some member states have released guidance on how to collect, share, and use personal data, especially health data, in

The Safeguards Rule of the Gramm-Leach-Bliley Act of 1999 requires financial institutions to implement security programs in order to keep customer information secure. The Safeguards Rule also extends contractually to affiliates and/or service providers of those financial institutions, including possibly “finders” (i.e., entities charging a fee to connect consumers looking for loans to lenders).


On February 25, the Federal Trade Commission – the nation’s primary privacy and data security enforcer – released its latest Privacy and Data Security Update, which summarizes the agency’s privacy and data security activities over the last year and provides a preview of what’s to come in 2020. Here are our top five takeaways

In many of the settlement agreements and stipulated orders in the FTC’s recently released 2019 Privacy and Data Security Update, the FTC repeatedly imposed a set of uniform mandates for businesses to implement following a data breach. Businesses subject to the new California Consumer Privacy Act may be able to use this mandate to

Sen. Kristen Gillibrand (D-N.Y.) recently introduced a 41-page bill that would transfer the authority to create and enforce data protection rules from the Federal Trade Commission to a new independent federal agency. This proposal comes on the heels of a similar proposal from Sen. Josh Hawley (R-Mo.). Both of these proposals have emerged due to

On January 16, the National Institute of Standards and Technology released Version 1.0 of its Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. NIST’s Privacy Framework is a tool meant to aid organizations of all sizes in managing privacy risks without regard to any particular technology, sector, law, or jurisdiction.