New York Attorney General Letitia James recently announced two agreements related to data breaches with entities that operate in the education industry. In both instances the entities paid the ransom and received evidence of deletion of the stolen … [Read more] about New York Continues to Focus on Companies’ Data Security Practices
On August 28, 2023, the California Privacy Protection Agency (the “Agency”) released two sets of draft regulations under the California Consumer Privacy Act (the “CCPA”), one for risk assessments and another for cybersecurity audits, as part of the … [Read more] about California Privacy Protection Agency Releases Draft Regulations on Risk Assessments
On September 1, 2023, the U.S. District Court for the Eastern District of Pennsylvania unsealed a qui tam False Claims Act (“FCA”) lawsuit (originally filed on October 5, 2022) alleging Penn State University failed to provide “adequate security” for … [Read more] about Penn State University Hit With False Claims Act Suit for Alleged Cyber Security Deficiencies
On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal data from the UK to the … [Read more] about UK Government Makes a Bridge to The EU-U.S. Data Privacy Framework
In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”). Importantly, the proposed … [Read more] about California Proposes Annual Audits to Assess Sufficiency and Compliance of Company Cybersecurity