Cybersecurity, Information Governance + Privacy

Thursday, May 26 • 12:00 – 1:00 p.m. ET

California was the first state to enact a comprehensive state privacy bill with the California Consumer Privacy Act of 2018 (CCPA). Although the CCPA went into effect on January 1, 2020, it was significantly overhauled during California’s November 2020 General Election, when the California Privacy

On May 3, Judge Grimm of the U.S. District Court for the District of Maryland issued a class certification decision in a consumer data breach multidistrict litigation case against an international hotel and resort management company, becoming one of the few district courts to certify Rule 23(b)(3) classes in this type of case. The litigation

On April 28, the Connecticut House passed Senate Bill 6, an act concerning personal data privacy and online monitoring (SB 6 or Connecticut Act). The Senate unanimously passed SB 6 on April 20, and is now currently under consideration by Governor Ned Lamont. If the bill becomes law, it will go into effect on

On March 15, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act (Act). Many outlets reporting on the Act focused on its 72-hour breach notification requirement. But such reports created uncertainty over the Act’s application and requirements, as well as the steps an organization should take in response to the Act.

To help resolve

On February 28, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department’s first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021.[1] This is a watershed moment in the

On April 5, the Securities and Exchange Commission (SEC) announced that two employees improperly accessed adjudicatory materials for cases being litigated in the agency’s in-house court system. The access occurred in 2017, and the SEC stated the breach “did not impact the actions taken by the staff investigating and prosecuting the cases or the commission’s

On March 25, a huge sigh of relief was heard from businesses and organizations located throughout the United States and Europe after the U.S. and European Commission announced their agreement in principle on a new Trans-Atlantic Data Privacy Framework (Framework) to effectuate the cross-border transfer of personal data from the European Union (EU) to the

On March 24, Governor Spencer J. Cox signed the Utah Consumer Privacy Act (UCPA), making Utah the fourth state in the country to adopt a comprehensive privacy law. The UCPA is set to take effect on December 31, 2023, and this law’s substantive requirements closely mirror the Virginia Consumer Data Protection Act (VCDPA). The UCPA


As of March 22, 11 states have wrapped up their 2022 legislative sessions. In these early sessions, privacy legislation was considered in seven of the 11 states that have completed their 2022 sessions, namely Florida, Washington, Indiana, Virginia (amendments to enacted regime), West Virginia, Wisconsin, and Utah. Privacy bills passed out of at least

California Privacy Protection Agency Director Ashkan Soltani recently announced that long-awaited regulations related to the California Privacy Rights Act (CPRA) would be delayed. The agency initially scheduled a July 1 deadline to promulgate regulations and allow companies time to comply with the CPRA, which is set to be enforced beginning July 1, 2023. However, Director