Landmark Decision on Vehicle Data Privacy Issued by Georgia Supreme Court

In a landmark decision on vehicle data privacy, the Georgia Supreme Court on October 21, 2019 overturned a Georgia Court of Appeals decision that could have made it legal for police to take any data as they wished from private vehicles without a warrant. Mobley v. State.[i] The case arose from a fatal vehicle crash in December 2014, when a man named Victor Mobley collided into a Corvette pulling out from a driveway with two people inside, both of whom died from the crash.… Continue Reading

NSA Launches Cybersecurity Directorate to Combat Cyber Attacks on Government and Private Sector Systems

The National Security Agency (NSA) has established a Cybersecurity Directorate that “unifies NSA’s foreign intelligence and cyber defense missions” to more closely align its offensive and defensive operations. The directorate, operating as of October 1, 2019 will help contribute to the NSA’s defensive mission to protect digital systems. It will focus initially on the defense industrial base and weapon security improvement.  The increased focus on cybersecurity comes in the wake of a 56-page report by the National Security Telecommunications Advisory Committee warning that the United… Continue Reading

The Push for a National Data Privacy Law Continues as Tech Giants Write to Congress

On September 10, 2019, 51 companies from the Business Roundtable joined together to send a letter to House and Senate leadership asking them to pass “a comprehensive data privacy law that strengthens protections for consumers and establishes a national privacy framework to enable continued innovation and growth in the digital economy.” The companies included, among others, Amazon, IBM, AT&T, Chubb, and Marriot International, Inc. Signatures from Facebook CEO Mark Zuckerberg and Apple CEO Tim Cook were notably absent, although both have, in the past, supported… Continue Reading

Another Month, Another Major Data Breach – This Time at Capital One

Capital One Financial Corp., the fifth largest United States credit card issuer, announced on July 29, 2019 that a data breach exposed approximately 140,000 Social  Security numbers and about 80,000 linked bank account numbers – impacting nearly 100 million U.S. residents and 6 million Canadian residents. The breach also included other personal information like names, addresses, postal codes, phone numbers, email addresses, dates of birth and self-reported income, credit scores, credit limits, balances, payment history, contact information and fragments of transaction data from a total… Continue Reading

Happy Birthday GDPR! Its Year in Review and the Future for Data Protection

The European Union’s General Data Protection Regulation (GDPR) turned a year old on May 25, 2019 already becoming a benchmark for privacy and data protection compliance.  Undoubtedly, one of the great successes of the GDPR to date has been reminding consumers of their rights surrounding data privacy, and forcing organizations to improve their own data privacy practices. The GDPR gives EU residents the right to request a portable copy of their data, the right to get their data erased, and the right to revoke their consent.… Continue Reading

Ohio Cybersecurity Legislation Applicable to Insurers Now In Effect

Ohio’s new law requiring insurance providers to take steps to protect personal information recently went into effect March 20, 2019. Ohio now follows South Carolina as the second state to adopt legislation modeled after the NAIC’s Insurance Data Security Model Law.             The law, codified at new Ohio Revised Code Chapter 3695, applies to all individuals or non-governmental entities required to be authorized, registered, or licensed under Ohio insurance laws (defined as “licensees”). Only smaller licensees that have fewer than 20 employees, less than $5… Continue Reading

Key Upcoming Deadlines under the New York DFS Cybersecurity Regulation

When New York’s landmark cybersecurity regulation became effective back in March 2017, the Department of Financial Services (DFS) implemented a two-year timeline for implementation of the regulation’s requirements, with a final compliance deadline of March 1, 2019.  Entities covered by the wide-sweeping regulation should remember filing their first certificate of compliance in February of last year.  The two-year implementation period is almost over, and once again, important deadlines are now quickly approaching.  “Covered Entities” (banks, insurance companies, and other financial services institutions and… Continue Reading

Colorado Data Privacy Act a Landmark in Dealing with Protection of Personally Identifiable Information

Colorado’s Protections for Consumers Data Privacy Act, unanimously approved by the state legislature on May 29, imposes heightened data protection and breach notification requirements on businesses of all sizes and government entities. It affects all entities that receive, collect, create or save personally identifiable information (PII) from Colorado residents, customers, employees or even prospective employees.  The law comes in the wake of the Equifax data breach in 2017, and Colorado being rated the second riskiest state for identity theft in a 2017 study, only… Continue Reading

Congress Passes Bill to turn Cybersecurity Wing of Department of Homeland Security into Fully-fledged Agency

On November 13, the U.S. House of Representatives voted unanimously to pass bipartisan legislation creating the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). The CISA Act (H.R. 3359), first introduced in July, 2017, passed the Senate in October. It will “reorganize DHS’ National Protection and Programs Directorate (NPPD) into a new agency and prioritize its mission as the Federal leader for cyber and physical infrastructure security,” according to a statement released by DHS. The new agency… Continue Reading

In Line with GDPR, Canada Amends its Privacy Protection Regulation to Include Stringent and Mandatory Breach Notification Rules

On November 1, 2018, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) was amended to include stringent, mandatory breach notification rules. These rules are similar to the European Union’s General Data Protection Regulation (GDPR), which took effect in May, 2018. Organizations that conduct business in Canada will be subject to PIPEDA as well as the GDPR, if that organization is accessible in the European market. The new PIPEDA regulations reinforce the image of Canada as an international leader in personal data protection… Continue Reading