One year ago this week, we posted a blog explaining that the New York Department of Financial Services (NYDFS) issued a framework of seven best practices that insurers should adopt, including a recommendation that insurers stop paying ransom payments in response to ransomware. Now, North Carolina has enacted a statute that not only forbids its public entities from paying ransoms, but also prohibits public entities from communicating with ransomware threat actors. Instead, North Carolina public entities, including public schools and universities, are required to consult with the North Carolina Department of Information Technology (NCDIT). Continue Reading To Pay the Ransom or Not to Pay the Ransom? North Carolina Tells its Public Entities the Answer is an Emphatic NO

Recently, multiple states have enacted and passed new data privacy laws and bills (Colorado, Virginia, Utah, California Privacy Rights Act, Connecticut, Indiana, and Ohio). Rightfully so, these laws and bills have garnered much of the media attention. However, in the midst of all the new state data privacy laws, new bills regulating “data brokers” have begun to emerge. To no surprise, California is leading the way with its Data Broker Registration Law, which was enacted in 2019. Continue Reading Am I A Data Broker?: A Quick Primer on State Laws Regulating a Growing Industry

This week Meta, formerly known as Facebook, announced that it has disabled augmented reality effects, including filters and avatars, for its users in Texas and Illinois, citing state facial recognition laws.  Meta says that users in those states will see a “temporarily unavailable” message when accessing such features across Facebook, Messenger, Instagram, and Portal.  This decision comes at a time when the Illinois Biometric Information Privacy Act (BIPA) continues to wreak havoc on Illinois businesses, and just months after Texas Attorney General Ken Patton filed a lawsuit against Meta claiming the company misused facial recognition technology.  Denying any wrongdoing, Meta released a statement justifying the decision as a measure to avoid “meritless and distracting litigation”:

The technology we use to power augmented reality effects like avatars and filters is not facial recognition or any technology covered by the Texas and Illinois laws, and is not used to identify anyone.  Nevertheless, we are taking this step to prevent meritless and distracting litigation under laws in these two states based on a mischaracterization of how our features work. We remain committed to delivering AR experiences that people love, and that a diverse roster of creators use to grow their businesses, without needless friction or confusion.

Continue Reading A Social Media Influencer’s Nightmare – Fun Filters on Instagram and Facebook Disabled in Illinois and Texas

1, 2, 3, 4, 5 … you know how the song goes! Connecticut recently became the fifth state to adopt a comprehensive data privacy law. The new act titled “An Act Concerning Personal Data Privacy and Online Monitoring,”(the “Act”) takes effect July 1, 2023. As we expected, more and more states are continuing to join the ever-growing Privacy Party. Before getting on the privacy dance floor, here is what you need to know about Connecticut’s new privacy law. Continue Reading Mambo No. 5: Connecticut Becomes the Fifth State to Join the Privacy Party

You may have heard of a security vulnerability from December 2021 called Log4j that allows attackers to remotely gain control of a vulnerable device. You may also think this is old news and no longer an issue.  Wrong. According to an April 26, 2022 report from researchers at the cybersecurity company Rezilion, there are currently over 90,000 vulnerable internet-facing applications and more than 68,000 servers that are still publicly exposed. That’s right – four months after the vulnerability was disclosed, a majority of affected open-source components remain unpatched and companies continue to use vulnerable versions of this tool. So, what is it anyways and do you need to take any action to mitigate the risk? Continue Reading Apache Log4j Security Vulnerability Is STILL a Problem – What is it, Who Does it Impact, and Should I do Anything About It?

The Colorado Privacy Act (“CPA”) takes effect July 1, 2023, and will provide express consumer rights, as well as controller and processor obligations, relating to personally identifiable information of Colorado consumers. This month, the Office of the Colorado Attorney General (the “Office”) outlined the pre-rulemaking considerations for the CPA (“Pre-Rulemaking Considerations”), in an effort to educate regulated entities on the trajectory of this new law, and how such entities may address the upcoming requirements. The Pre-Rulemaking Considerations were also forecasted in Colorado AG Phil Weiser’s address to the International Association of Privacy Professionals 2022 Global Privacy Summit. Continue Reading Colorado AG Explains Rocky Mountain Way for Data Privacy Law

I recently got back from the IAPP Global Privacy Summit (the “Summit”), the world’s largest meeting of privacy professionals from around the world.  The Summit always serves as a great opportunity to network and learn from colleagues, thought leaders, and regulators working in this important area of business, technology, and law.  With that in mind, I want to share some reflections and themes from this year’s Summit. Continue Reading 2022 Global Privacy Summit: Reflections and Take-Aways

The CCPA has been up and running for a couple of years now, with changes coming in 2023 with the amendments from the Consumer Privacy Rights Act (CPRA).  While a federal law is always being teased and
other states coming online in 2023
, California remains the state privacy law by which to assess and manage compliance when processing personal data.

So, as you might imagine, loads of questions and anxiety over the country’s most comprehensive state privacy regulation continue to keep us busy.  This prompted us to provide a simple 3-step process to determine if the law applies to your business (now, in 2023, or beyond), what you need to do to meet the law’s requirements, and how to begin considering a national approach to data privacy governance.  While no summary can capture every aspect of developing a compliance plan, we hope the following resources are helpful in getting your arms around managing privacy and meeting the (applicable) requirements of the California laws. Continue Reading Breaking Down the California Consumer Privacy Act (CCPA)

Whether you are an attorney advising clients, a medical professional treating patients via telemedicine, or anyone else working remotely, your second workplace or office might be providing more than just convenience. If you have a smart home device, such as one of the many varieties now available from companies like Google (Home/Nest), Amazon (Alexa), Microsoft (Cortana), or Apple (Siri), your remote work discussions (and conversations in general) may be less private than you realize. While convenient and sometimes helpful, these devices might be creating a record of more than your favorite songs and compromising your patient’s, client’s, or company’s confidential information. Continue Reading Smart Devices: Convenient, Helpful, Fun. Oh Yeah, and Possibly Breaching Confidentiality.

Taft’s Privacy and Data Security Practice is pleased to
announce our mobile application is now live and available for download.  As we shared on International Privacy Day, (I am sure we are all still recovering from that celebration), we wanted to make available an easy-to-use app for you to quickly:

  • Stay up-to-date on data security and privacy news, developments, and events.
  • Get daily tips on privacy and security compliance and best practices.
  • Access content from Taft’s Privacy and Data Security attorneys, including helpful checklists and other resources.
  • Search for Taft Privacy and Data Security attorneys and easily contact our team.

Our free app is available for both iOS (Apple) and Android (Samsung), select the one you need below:

Download our app today and stay up to speed. And, of course, we always welcome feedback or suggestions on ways to make the app better and find more ways to share relevant and timely information in this quickly evolving area of law and technology