Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

CCPA Enforcement Will Not Be Delayed Due to COVID-19: Is Your Business in Compliance?

Enforcement of the California Consumer Privacy Act (CCPA) is set to begin on July 1, 2020. The global pandemic has many companies urging the California Attorney General (AG) to delay enforcement until 2021, since testing CCPA-compliant platforms can be much more difficult when IT teams cannot work on site. The California AG, however, has declined … Continue Reading

Washington State Legislature Passes Bill With Major Revisions to Data Breach Notification Statute

Shortly after the proposed Washington Privacy Act (SB 5367) failed to pass the legislature, Washington is now set to revise its existing data breach law. HB 1071, which passed the legislature on April 22, 2019 and is awaiting the Governor’s signature, would substantially expand the definition of personal information, impose new breach notification requirements such … Continue Reading

California Enacts First Law Regulating Internet Of Things Devices

California has enacted the nation’s first law regulating Internet of Things (IoT) devices, which was signed by Governor Jerry Brown on September 28, 2018. IoT refers to the rapidly-expanding world of internet-connected objects such as home security systems, video monitors, enterprise devices that track packages and vehicles, health monitors, connected cars, smart city devices that … Continue Reading

California Enacts New Privacy Law: How Will It Impact You?

by Leila Javanshir, Miller Nash Graham & Dunn 2018 Summer Associate On June 28, 2018, yet another new law hit the data privacy world that will impact the ways companies around the world will handle their data. The implementation of the California Consumer Privacy Act (CCPA) is a landmark moment for consumers and businesses alike. … Continue Reading

California Attorney General Explains “Requirement” to Comply with the 20 Controls Identified in the Center for Internet Security’s Critical Security Controls

In February, the California Attorney General issued the “California Data Breach Report.” That report contained several recommendations, the most controversial of which related to the Center for Internet Security’s Critical Security Controls (the “CCS”). The report stated that “failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable … Continue Reading

Implications for Businesses as Oregon Attorney General Fights for More Detailed Data Breach Notifications, and Increased Involvement in Data Breach Situations

As reported in an interview with The Privacy Advisor, Oregon Attorney General Ellen Rosenblum is seeking the following three changes to Oregon’s data breach notification law: Mandatory reporting of data breaches to the AG’s office; Enhanced enforcement authority in the event of data breaches; and An expanded definition of personal information required to be reported. Rosenblum … Continue Reading

Don’t Be a Data Breach Casualty: Read the Government’s Cybersecurity Framework and Then Put Appropriate Safeguards in Place

The National Institute of Standards and Technology released its “Framework for Improving Critical Infrastructure Cybersecurity” in February. Yet a recent survey by Today’s General Counsel magazine (a discussion of which can be found here) indicated that roughly two-thirds of its respondents had failed to either read or take any action in response to the “Framework.” The Framework will … Continue Reading