Catch up on state student privacy laws when you explore the Student Privacy Requirements topic in our Data Security & Privacy State Law Comparison Tool . Coverage includes entities and students covered, key definitions, notice and consent requirements, service...
Covered organizations can adapt this notice to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), Cal Civ Code § 1798.100 et seq., by providing consumers with notice describing the personal information...
Review types of threat actors, how they gain access to your network, special types of intrusions (such as insider threats, email compromise, and supply chain compromise), and the steps you should take in responding to a data security incident. Read now »...
Make sure you’re aware of the popular techniques used by threat actors to obtain access to a network or execute these compromises. This practice note reviews the major types of end user attacks that may be executed against your network, ways to detect attacks...
Version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS) was introduced in March 2022 subject to a 24–month transitional period from PCI DSS v3.2.1, that ended on March 31, 2024. Learn about the key changes here. Read now » Related...
Several states have proposed bills, enacted health data privacy laws, or amended existing privacy laws to protect "consumer health data." Some characteristics of these new state health privacy laws raise interesting questions and could create difficult...
Under the Corporate Transparency Act (CTA), U.S. and foreign companies authorized to do business in the United States are responsible for compliance with state, federal, or foreign data privacy and cybersecurity laws—and for ensuring that their service providers...
It is more important than ever for businesses to have a clear understanding of whether their current policies cover cyber incidents and, if so, to what extent. Find out what your organization can do to make it more attractive to insurers. Read now » Related...
There are new developments impacting the settlement of data breach class actions, including recent class certification decisions, claims rates and notices, aggregators and artificial intelligence, attorneys’ fees, and residual settlement funds. Find out more...
The California Privacy Protection Agency (CPPA) launched the formal rulemaking process on July 5, 2024, by seeking public comment on proposed regulations for data broker registration mandated by Senate Bill 362, also known as the Delete Act. The CPPA’s proposed...
To get ahead of the compliance curve, companies must take proactive measures to establish adaptable biometrics compliance programs. This newly updated practice note discusses the legal issues regarding biometric data including the major types of biometric technologies...
In the absence of federal rules for artificial intelligence (AI), U.S. states are stepping in to fill the void, much as they did with data breach and consumer privacy regulation. Once again, state lawmakers are turning to the EU for guidance, and EU officials say...
This template is an external, customer-facing data privacy policy intended for entities covered by the disclosure and transparency requirements of the Oregon Consumer Privacy Act (OCPA), ORS § 646A.570 through ORS § 646A.589, effective on July 1, 2024...
The Vermont legislature’s passage of the strictest consumer data privacy law yet provides hope to consumer advocacy groups that state lawmakers will shift from punting enforcement to state attorneys general. While a veto remains possible as of this writing...
U.S. state comprehensive consumer privacy laws include requirements for contracts involving data processing with third-party vendors. Save time by adapting this data processing agreement (DPA) for the processing of personal data between a controller and processor...