The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has released a new report, entitled Cybersecurity and Resiliency Observations, which stands as their most detailed and comprehensive information security guidance to date....

Washington state may be leading the charge on privacy legislation in 2020. The state legislature introduced several privacy bills during the first week of its 2020 legislative session, including an updated version of the Washington...

On October 10, 2019, the California Attorney General issued its notice of proposed rulemaking containing its proposed CCPA Regulations. In many instances, the draft Regulations go beyond simply clarifying existing CCPA provisions and instead set forth new...

Key Takeaways: Subject data rights for employee data and business-to-business data were narrowed (for a year). The definition of personal information was clarified; the toll-free number requirement has an exception. The definition of sale remains...

Following a breach affecting 145 million consumers, the Federal Trade Commission has announced a settlement with Equifax for up to $700 million, the largest ever for a data breach. In the same action, Equifax also settled with...

New York has updated its breach notification and data security law, expanding the definition of a data breach and imposing detailed reasonable security requirements, among other changes. The amendment also adds a number of new...