Polsinelli's Privacy & Data Security Blog
29 FOLLOWERS
Stay up on the latest Polsinelli news, policies & best practices, penalties & sanctions, breach response, regulatory, CCPA, GDPR, and compliance. Polsinelli is a nationwide firm, provides value through practical legal counsel infused with business insight.
Polsinelli's Privacy & Data Security Blog
1y ago
By: Matt Todd and Romaine Marshall
Crypto is dead or on life support, waiting for regulation to rid it of ‘crypto contagion.’ Meanwhile, blockchain technology – the virtual, public ledger technology that records crypto transactions – is very much alive, as evidenced by emerging applications in the healthcare, transportation, and real estate industries.1
Even crypto skeptics who mockingly blame “magical thinking” for infecting a generation of investors agree, at a minimum, there is a potential legitimate use of crypto “as part of new payment systems using blockchain technology” for such ..read more
Polsinelli's Privacy & Data Security Blog
1y ago
By: Romaine Marshall and Kurt Erskine
Last week classes for elementary schools, high schools and a community college in Boston were canceled due to a cyberattack.1 Last month an Arkansas school district approved a payment of $250,000 to cybercriminals to retrieve stolen data.2 Similar attacks were reported in at least 90 other schools and universities last year, about the same as in the previous year.3
According to the United States Government Accountability Office, the impact of cyberattacks during 2018-2021 for K-12 schools included loss of learning from three days to three weeks ..read more
Polsinelli's Privacy & Data Security Blog
1y ago
By: Romaine Marshall and Jose Abarca
In the past two weeks, the federal government has released startling reports calling for urgent action to address cybersecurity risks to offshore oil and gas facilities and internet-connected devices. Yesterday, one of the reports acknowledged that federal agencies cannot assess such risks without “a holistic approach.” In 2023, a “public and private sector partnership” will be vital. Click here to download and view the full update ..read more
Polsinelli's Privacy & Data Security Blog
1y ago
By: Romaine C. Marshall, Elizabeth (Liz) Harding, Jordan C. Lee and Jose A. Abarca
“To prosper over time, every company must not only deliver financial performance, but also show how it makes a positive contribution to society,” said the CEO of the world’s largest money manager in 2019. But embedding environmental, social and governance (ESG) factors recently prompted multiple state attorney generals to allege multiple violations of law, including breached duties of care and loyalty, against that same CEO.
Listen to presenters Romaine C. Marshall, Elizabeth (Liz) Harding, Jordan C. Lee and Jo ..read more
Polsinelli's Privacy & Data Security Blog
2y ago
Polsinelli is pleased to share the Tech Transactions & Data Privacy 2022 Report. The articles contained in this report highlight the forward-thinking advice and counsel our attorneys provide our clients throughout the year.
In this report:
Top 5 Privacy Issues of 2022
Discoverability of Forensic Expert Incident Reports
Market Changes in Cyber Liability and Options for Your Business
Ransomware Reporting Requirements: A Look Forward into Evolving Security Incident Notification Rules
The FTC’s Expanding Role in Cybersecurity and Data Privacy Enforcement in 2022
Third-Party D ..read more
Polsinelli's Privacy & Data Security Blog
2y ago
By: Elizabeth (Liz) Harding and L. Hannah Ji-Otto
China has recently joined the list of countries that have adopted the world’s strictest data-privacy laws. Given China’s desirability as both a market for and a source of data, companies worldwide have started making early efforts to mitigate the impact of these new requirements on their businesses. This client alert provides five concrete steps that an organization can take now that China’s new privacy law has become effective.
For background, China’s first attempt to regulate the internet was its Cybersecurity Law (“CSL”) of 2017. The y ..read more
Polsinelli's Privacy & Data Security Blog
2y ago
By: Jennifer Osborn Nix, Steven L. Imber, Zachary R. Dyer, Justin T. Liby, John C. Cleary
The New York Department of Financial Services (“NYDFS”) recently announced that it has entered into a Consent Order with two affiliated life insurers for alleged violations of New York’s Cybersecurity Regulation (the “NY Cybersecurity Regulation”). The NYDFS conducted an investigation and determined that the two life insurers (the “Companies”) had been the subject of two phishing attacks in 2018 and 2019, which compromised the email accounts of several of the Companies’ employees, providing access to a s ..read more
Polsinelli's Privacy & Data Security Blog
2y ago
By: John C. Cleary, Mark A. Olthoff and Michael J. Waters
The Supreme Court in TransUnion LLC v. Ramirez on June 25, 2021 dramatically reorganized and narrowed the Article III landscape for constitutionally cognizable damage suits in federal court. Suits for damages based solely on “risk of future” harm, the Court ruled, are not “Cases” or “Controversies” under the U.S. Constitution and no longer meet what were long thought to be minimal “injury in fact” requirements for a plaintiff to establish standing to sue.
Describing the new standard as “No concrete harm, no standing,” in the 5-4 majori ..read more
Polsinelli's Privacy & Data Security Blog
2y ago
By: Elizabeth (Liz) Harding and Thomas P. Weber
On May 26, 2021, the Colorado State Senate unanimously passed the Colorado Privacy Act bill (CPA) through the state Senate. On June 7, 2021, the Colorado House passed the CPA (by a vote of 57-7). The House amended the Senate version of the CPA, so the bill will now return to the Senate for consideration of the House amendments. Specifically, the House adopted nine total amendments to the CPA. Amendments of note include:
Consumer rights to access, correction, deletion and data portability do not apply to pseudonymous data;
T ..read more
Polsinelli's Privacy & Data Security Blog
2y ago
By: Elizabeth (Liz) Harding, Ephraim T. Hintz and Thomas P. Weber
Like Virginia and Washington before it, on March 19, 2021, Colorado introduced a data privacy bill, the Colorado Privacy Act (CPA). As currently drafted, the CPA would be similar to other U.S. state privacy laws, including California’s CCPA, Virginia’s Consumer Data Protection Act and Washington’s Privacy Act, although it also bears a close resemblance to the GDPR. If passed, the CPA would go into effect on January 1, 2023.
1. Who would be subject to the CPA?
The CPA applies to organizations that conduct business in Colorado or ..read more