Information governance and data retention have been important topics in the corporate world for years. As an executive, it’s crucial to ensure effective management, storage, and secure disposal of your company’s data. Having well-defined information governance and data retention policies helps maintain compliance with legal requirements and safeguards against data breaches and cyber-attacks. In this
Data Privacy + Security Insider
Blog Authors
Latest from Data Privacy + Security Insider
FTC and CA AG Settle with DNA Testing Firm for Allegations of Misrepresentation
The Federal Trade Commission (FTC) and the California Attorney General teamed up against California company CRI Genetics, LLC, filing a joint complaint against the company alleging that it engaged in deceptive practices when it “deceived consumers about the accuracy of its test reports compared with those of other DNA testing companies, falsely claimed to have…
Privacy Tip #381 – Research Risks of Smart Toys This Holiday Season
The holidays are upon us, including “cyber week” filled with deals for shopping for the holidays. The U.S. Public Interest Research Group (PIRG) is warning shoppers about smart toys this holiday season. In its article, “Consumer watchdog: ‘Smart toys’ put kids’ privacy at risk,” PIRG outlines the privacy risks associated with smart toys. The…
FTC and CPPA Release Rules to Address AI Risks and Protect Consumer Rights
The rise of AI technology has prompted regulatory agencies to take action and protect consumers’ rights, as evidenced by the recent efforts of the Federal Trade Commission (FTC) and the California Privacy Protection Agency (CPPA).
On November 16, 2023, the FTC approved a resolution that authorizes its staff to issue civil investigative demands (CIDs) in…
CISA Issues Mitigation Guide for Healthcare + Public Health Sector
On November 17, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released a supplemental mitigation guide for the healthcare and public health sector to the Cyber Risk Summary for those sectors published on July 19, 2023.
“This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure…
Iranian-Linked Hackers Attack Water Facility in Pennsylvania
It is being reported that U.S. officials are investigating an attack by hackers “linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), also known as the “Cyber Av3ngers,” that allowed them to gain control of a device at the Municipal Water Authority of Aliquippa, PA. The water authority has stated that once the intrusion was detected,…
CISA Issues Roadmap for Artificial Intelligence
Following the White House’s Executive Order on AI, the Cybersecurity & Infrastructure Security Agency (CISA) issued its Roadmap for Artificial Intelligence this week “which is a whole-of-agency plan aligned with national AI strategy to address our efforts to: promote the beneficial uses of AI to enhance cybersecurity capabilities, ensure AI systems are protected from cyber-based…
New York Governor Proposes Cybersecurity Regulations for NY Hospitals
On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within the state of New York. The Governor has included $500 million in grant funding in her FY24 budget to assist health care facilities with upgrading their systems to comply with the new requirements.
According to the Governor’s press…
Privacy Tip #380 – Tips + Tools for Protecting Online Privacy
During the last Privacy Law class of the semester, we discuss Privacy and Emerging Technology. My students continue to learn about the collection, use, disclosure, and monetization of consumers’ data, and continue to be amazed at how their data is used without their knowledge. They often ask for tips on how to protect their data…
State Consumer Privacy Laws in M&A Deals: What to Know
Data privacy and cybersecurity risks are critical components of M&A transactions due to the potential exposure for legal liability for non-compliance, as well as the financial and reputational harm and the material impact that lax or failed data privacy compliance and cybersecurity safeguards can have on an entity’s ability to conduct its operations.
Therefore, part…