Make sure you’re aware of the popular techniques used by threat actors to obtain access to a network or execute these compromises. This practice note reviews the major types of end user attacks that may be executed against your network, ways to detect attacks...
Version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS) was introduced in March 2022 subject to a 24–month transitional period from PCI DSS v3.2.1, that ended on March 31, 2024. Learn about the key changes here. Read now » Related...
Several states have proposed bills, enacted health data privacy laws, or amended existing privacy laws to protect "consumer health data." Some characteristics of these new state health privacy laws raise interesting questions and could create difficult...
Under the Corporate Transparency Act (CTA), U.S. and foreign companies authorized to do business in the United States are responsible for compliance with state, federal, or foreign data privacy and cybersecurity laws—and for ensuring that their service providers...
It is more important than ever for businesses to have a clear understanding of whether their current policies cover cyber incidents and, if so, to what extent. Find out what your organization can do to make it more attractive to insurers. Read now » Related...
There are new developments impacting the settlement of data breach class actions, including recent class certification decisions, claims rates and notices, aggregators and artificial intelligence, attorneys’ fees, and residual settlement funds. Find out more...
The California Privacy Protection Agency (CPPA) launched the formal rulemaking process on July 5, 2024, by seeking public comment on proposed regulations for data broker registration mandated by Senate Bill 362, also known as the Delete Act. The CPPA’s proposed...
To get ahead of the compliance curve, companies must take proactive measures to establish adaptable biometrics compliance programs. This newly updated practice note discusses the legal issues regarding biometric data including the major types of biometric technologies...
In the absence of federal rules for artificial intelligence (AI), U.S. states are stepping in to fill the void, much as they did with data breach and consumer privacy regulation. Once again, state lawmakers are turning to the EU for guidance, and EU officials say...
This template is an external, customer-facing data privacy policy intended for entities covered by the disclosure and transparency requirements of the Oregon Consumer Privacy Act (OCPA), ORS § 646A.570 through ORS § 646A.589, effective on July 1, 2024...
The Vermont legislature’s passage of the strictest consumer data privacy law yet provides hope to consumer advocacy groups that state lawmakers will shift from punting enforcement to state attorneys general. While a veto remains possible as of this writing...
With no action at the federal level, over a dozen states have enacted comprehensive consumer privacy legislation since 2018. Many of these bills, however, have been significantly watered down by the influence of Big Tech. A recent joint report by the Electronic...
U.S. state comprehensive consumer privacy laws include requirements for contracts involving data processing with third-party vendors. Save time by adapting this data processing agreement (DPA) for the processing of personal data between a controller and processor...
Find out what’s new in our recently updated Artificial Intelligence (AI) Legislation State Law Survey covering enacted state and notable local legislation spanning numerous AI-related topics/industries including consumer privacy, consumer protection, government...
With technological gains and public interest in artificial intelligence (AI) at an all-time high, public officials and legislatures have become increasingly focused on the potential risks and benefits of its use. AI bills span several topics/industries, including...