Are fines enough? FTC Disgorgement penalties for privacy violations, explained

On January 11, 2021 the Federal Trade Commission (FTC) issued a Consent Order that has major implications for data privacy enforcement. In the Matter of Everalbum, Inc. involved misrepresentations made by operators of a photo storage application. After an FTC investigation, the agency and Everalbum came to an agreement which would require deletion of misused…

Read more

Virginia is for Privacy Lovers: Comparing Virginia’s CDPA to California’s CCPA

In the absence of comprehensive federal legislation on the topic, states have taken it upon themselves to protect consumer’s information in our increasingly data driven world. On February 5, 2021, the Virginia Senate passed the Virginia Consumer Data Protection Act (“CDPA”). If signed by Governor Northam, CDPA would be the second comprehensive state-level consumer data…

Read more

The Kids Are (Not) Alright in Pandemic: Children’s Online Privacy under COPPA, FERPA, and More

The Kids Are (Not) Alright in Pandemic: Children’s Online Privacy under COPPA, FERPA, and MoreChildren born in the 21st Century have never experienced a world without the internet. The world wide web is ubiquitous in most young people’s lives. Ninety-two percent of US children now have an online presence before they turn 2 years old.…

Read more
Storage Wars: The Pros and Cons of Data Localization

Storage Wars: The Pros and Cons of Data Localization/Nationalization

Countries are pushing towards data localization to protect their citizens’ data in the connected world. Also known as data nationalization, the interest stems from countries wanting to ensure the cybersecurity and privacy of their citizens’ personal information from global companies and foreign governments, especially adversaries. Nations seek to establish virtual borders and retain legal control…

Read more

Staying in the Clear: Employee and B2B Data Obligations in CCPA

Focus and Context The California Consumer Privacy Act (“CCPA”) and the potential amendment California Privacy Rights Act (“CPRA”) are consumer-focused legislations. CCPA provides for two exemptions, one for employee personal information and another for business-to-business organizations (“B2B exemption”) thus, leaving holes to be filled by a future employee and B2B focused legislation. The exemptions were…

Read more

NYCRR 500: New York’s Cybersecurity Requirements for Financial Services

  Introduction In the aftermath of the multiple data breaches, the New York Department of Financial Services (DFS) created 23 NYCRR 500 establishing cybersecurity requirements for financial services companies. Effective March 1, 2017, this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities. The…

Read more

Delaware Insurance Data Security Act Summary

Delaware’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Delaware to follow new data security and notification requirements. This article summarizes Delaware’s adaptation of the NAIC Insurance Data Security Model Law. Mission: To protect Delaware residents and insurance companies licensed to do business in Delaware from data breaches. The law requires…

Read more

Indiana Insurance Data Security Amendment to State Insurance Code

Effective July 1, Indiana added a new section to the Indiana Insurance Code (the “Act”) that covers Insurance Data Security. The changes require all regulated insurance companies licensed in Indiana to follow new data security and notification requirements. This article summarizes Indiana’s adaptation of the NAIC Insurance Data Security Model Law into the state insurance code.…

Read more

Virginia Insurance Data Security Act Summary

  Effective July 1, Virginia’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Virginia to follow new data security and notification requirements. This article summarizes Virginia’s adaptation of the NAIC Insurance Data Security Model Law. Basic Requirements: Maintain the security of information systems and non-public information Promptly Investigate cybersecurity events Notify Individuals of cybersecurity events Notify the Commissioner of…

Read more

Fill out the form below to download our Data Sheet and Data Minimization Article