The Illinois Biometric Information Privacy Act: Aggrieved or Not Aggrieved – That is the Question

The Background of the Law

Of late, the U.S. private sector has been abuzz with the European Union’s new General Data Protection Regulations and the implementation of the same. However, savvy companies cannot forget that state legislatures have been for some time enacting statutes aimed at protecting its residents in how businesses use and disseminate their personal information. In 2008, Illinois became one of the first states to be mindful of the uniqueness of biometrics with the passage of the … Read More

Change is in the California Air as Legislature Amends New Privacy Law

Last week, I had the pleasure of speaking at the 11th Annual Northern Kentucky University Cybersecurity Symposium. This year, over three hundred attendees ranging from IT and security professionals, to corporate executives and attorneys, gathered for workshops and presentations relating to nascent privacy and security issues. During my presentation, “So Goes California, So Goes the Nation,” I discussed the California Consumer Privacy Act (“CCPA”), and the California legislature’s recent amendments to the CCPA (“the Amendments”), which were … Read More

Yet Another Facebook Breach: Use this opportunity to get smart about your online privacy and security

The struggles continue for Facebook. As you hopefully know by now, on Sept. 28, the social media giant announced a security breach affecting 50 million accounts. The breach involved the theft of password tokens that allow a user to stay signed in or to sign into numerous third party applications, such as Spotify, Instagram and Yelp, among thousands of others. We thought to take the opportunity with this most recent breach to remind you about best practices that can help … Read More

Perfect Labor Day Beach Reading: New York’s (Next) Round of Financial Cybersecurity Requirements

I don’t mean to ruin your holiday weekend, but we thought to send out a friendly reminder on the next set of rolling deadlines and requirements from New York’s financial services cybersecurity law (23 NYCRR 500). A regulated organization that must comply with the law, or “covered entity,” is “any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial … Read More

Proactive Approach to Cybersecurity Pays off in Ohio with New Data Protection Act

Last November, Taft’s Scot Ganow and Bill Wagner wrote on Ohio first-of-its kind state legislation which would provide companies a safe harbor from some litigation resulting from a data breach. This month, Governor John Kasich signed the Ohio Senate Bill 220, also known as the Ohio Data Protection Act, into law. The law goes into effect in November, and is aimed at providing entities conducting business in Ohio with special protection from litigation in the event of a … Read More

Don’t Be Too Big for Your Breaches! Why Encrypted Data Can Be the Best Way to Avoid a Data “Breach”

Taft summer associate Jordan Jennings-Moore contributed to this article.

In today’s world, very few people remain completely unscathed by a data breach somewhere. From Target, to Anthem, Wendy’s or Equifax, individuals across the country have grown accustomed to getting breach notification letters. Most recently, Alabama and South Dakota became the last two jurisdictions in the United States to adopt data breach notification laws. This means that any person or entity conducting business in the U.S. must be … Read More

So Goes California, So Goes the Country?: The Golden State Again Breaks New Privacy Law Ground

Rebekah Mackey, Taft summer associate, contributed to this article.

Just months after the European Union’s General Data Protection Regulation, or “GDPR” changed the landscape of data privacy around the globe, California reaffirmed its position as the United States pioneer of consumer-friendly data privacy protections with the state legislature’s passage of Assembly Bill No. 375.

The California Consumer Privacy Act (“Act”) was originally a ballot initiative to be voted on by California residents in November, but the fate of the … Read More

GDPR Quick Hits: Some Last Minute Thoughts as May 25th draws nigh

As we assist clients with preparing for GDPR compliance before and after this Friday’s effective date, I thought to share some quick thoughts on the law and what we are seeing here at Taft.

  1. “GDPR Compliant.” Be wary of companies making such claims and don’t make such claims, yourselves.  As with HIPAA, there is no such thing as a stamp of “compliance” approval.  And, like bragging about your information security, warranting that you are “compliant” is just asking for that
Read More

Alabama Rolls with Tide as Last State to Adopt Breach Notification Law

On March 28, 2018, over sixteen years after California passed the nation’s first data breach notification law, Alabama became the fiftieth, and final, state to join the club. As a result, any person or entity conducting business in the United States must be prepared to safeguard personal identifying information belonging to customers, clients, and employees, while also being ready to comply with all applicable state and federal laws and regulations.

What Data?
The Alabama Data Breach Notification Act of 2018 Read More

Data Protection: Key Takeaways for Consumers and Businesses After the Facebook and Cambridge Analytica Scandal

In a local news interview, I was recently asked to comment on the Facebook-Cambridge Analytica story involving the unauthorized use of Facebook user profile information by Cambridge Analytica for profiling and targeting purposes. The focus of the interview was what consumers can do to better protect themselves. However, there are learning opportunities for businesses too. Here are some quick points to consider for both parties.

Consumers

  1. Your choices matter most. I beat this drum pretty heavily, but it is
Read More
LexBlog