On January 28, following the European Commission’s June 4, 2021 issuance of modified standard contractual clauses (SCCs), the United Kingdom’s (U.K.) secretary of state for digital, culture, media, and sport, presented the U.K. Parliament with two new mechanisms to effectuate cross-border transfers of data: (1) the International Data Transfer Agreement (the IDTA) and (2)
On February 3, a New York magistrate judge recommended dismissing a class action against medical management company, Professional Business System d/b/a Practicefirst Medical Management Solutions in Tassmer v. Professional Business Systems. Judge Michael J. Roemer recommended dismissal because plaintiffs’ allegations failed to constitute an injury under the Supreme Court’s ruling in TransUnion v. Ramirez
On January 13, Him Das, the acting head of the Financial Crimes Enforcement Network (FinCEN), highlighted ransomware as a chief national security risk. At the Financial Crimes Enforcement Conference, Das suggested that the current anti-money laundering regulations are insufficient to protect against tech-driven threats, from cyberattacks to digital asset schemes. FinCEN therefore is currently
Q. Does the Workers’ Compensation Act bar a claim for damages under Illinois’ Biometric Privacy Act (BIPA)?
A. The Illinois Supreme Court recently issued an opinion, finding that the Workers’ Compensation Act does not bar a claim for damages under BIPA.
As a refresher, BIPA regulates the collection, use, safeguarding, and storage of
On January 20, President Biden signed a memorandum aimed at improving the cybersecurity of the National Security, Department of Defense, and Intelligence Community Systems (together, the “National Security Systems).
A National Security System (NSS) is an information system used or operated by an agency or on its behalf, the function, operation, or use of which
Ruling on several motions to dismiss on January 14, the U.S. District Court for the Eastern District of Virginia denied an effort to dismiss Courthouse News Service’s (CNS) First Amendment challenge to Virginia’s restrictions on public access to electronic court records. This clears the way for the lawsuit to proceed on the merits. Although this
On January 10, the Federal Trade Commission’s final rule, amending the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA), became effective. We wrote about the final rule when it first published in October 2021 (see here). As a practical matter, the amendments will likely require many financial institutions to
Q. My company uses dash-cams to monitor driver conduct, but the company is not located in Illinois. Do I still have to comply with the Biometric Information Privacy Act?
A. Yes, as long as the company has drivers who are Illinois residents, you must comply with BIPA. The good news, however, is that as long
Introduction
On November 18, federal banking agencies[1] issued the long-awaited final rule,[2] establishing data security incident response notification requirements for “banking organizations” and “bank service providers” (terms defined below). Included in this rule is a headline-grabbing 36-hour regulatory notification requirement for banking organizations. This final rule is set to take effect on April
Entities that collect Wisconsin residents’ personal information and are licensed, registered, or authorized (licensee) with the Office of the Commissioner of Insurance (commissioner) will have to abide by a new data security law (Wisconsin’s Insurance Data Security Law), which came into force on November 1. This bill had previously been introduced in the 2019-2020 legislative