Virginia is for Privacy Lovers: Comparing Virginia’s CDPA to California’s CCPA

In the absence of comprehensive federal legislation on the topic, states have taken it upon themselves to protect consumers’ information in our increasingly data-driven world. On February 5, 2021, the Virginia Senate passed the Virginia Consumer Data Protection Act (“CDPA”). If signed by Governor Northam, CDPA would be the second comprehensive state-level consumer data…

Storage Wars: The Pros and Cons of Data Localization

Storage Wars: The Pros and Cons of Data Localization/Nationalization

Countries are pushing towards data localization to protect their citizens’ data in the connected world. Also known as data nationalization, the interest stems from countries wanting to ensure the cybersecurity and privacy of their citizens’ personal information from global companies and foreign governments, especially adversaries. Nations seek to establish virtual borders and retain legal control…

Staying in the Clear: Employee and B2B Data Obligations in CCPA

Focus and Context: The California Consumer Privacy Act (“CCPA”) and the potential amendment, the California Privacy Rights Act (“CPRA”), are consumer-focused legislation. CCPA provides for two exemptions, one for employee personal information and another for business-to-business organizations (“B2B exemption”), thus leaving holes to be filled by future employee- and B2B-focused legislation. The exemptions were…

NYCRR 500: New York’s Cybersecurity Requirements for Financial Services

Introduction: In the aftermath of multiple data breaches, the New York Department of Financial Services (DFS) created 23 NYCRR 500, establishing cybersecurity requirements for financial services companies. Effective March 1, 2017, this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities. The…

Delaware Insurance Data Security Act Summary

Delaware’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Delaware to follow new data security and notification requirements. This article summarizes Delaware’s adaptation of the NAIC Insurance Data Security Model Law. Mission: To protect Delaware residents and insurance companies licensed to do business in Delaware from data breaches. The law requires…

Indiana Insurance Data Security Amendment to State Insurance Code

Effective July 1, Indiana added a new section to the Indiana Insurance Code (the “Act”) that covers Insurance Data Security. The changes require all regulated insurance companies licensed in Indiana to follow new data security and notification requirements. This article summarizes Indiana’s adaptation of the NAIC Insurance Data Security Model Law into the state insurance code.…

Virginia Insurance Data Security Act Summary

Effective July 1, Virginia’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Virginia to follow new data security and notification requirements. This article summarizes Virginia’s adaptation of the NAIC Insurance Data Security Model Law. Basic Requirements: maintain the security of information systems and non-public information; promptly investigate cybersecurity events; notify individuals of cybersecurity events; notify the Commissioner of…

CPRA is not Bearish on Data Privacy

The California Privacy Rights and Enforcement Act of 2020 (“CPRA”) has qualified for the November ballot in California and is likely to pass. The comprehensive update to the California Consumer Privacy Act (“CCPA”) comes from Californians for Consumer Privacy, the group behind CCPA, which feels that the political process weakened CCPA. Thus, CPRA seeks to amend…