Cybersecurity and Data Privacy

Subscribe to Cybersecurity and Data Privacy via RSS

On May 17, District of Colombia Attorney General Brian Schwalb announced the settlement of an investigation into Easy Healthcare Corporation, requiring the company to change its privacy practices involving the ovulation tracking app “Premom” to protect the sensitive reproductive data of consumers. Easy Health agreed to several remedial measures intended to prevent the disclosure of sensitive information to third parties and to pay a $100,000 penalty to the states involved with the investigation.

In addition to a night of revelry, the 2023 new year will trigger the many new privacy mandates in the Virginia Consumer Data Protection Act (VCDPA) for businesses operating in Virginia — only the second state with active consumer privacy legislation behind California, with other states’ privacy laws, such as Colorado, Connecticut and Utah, taking effect later this year. Virginia Attorney General Miyares is no doubt eager to flex his new authority under the VCDPA, meaning companies that process, collect, or sell Virginians’ personal information should carefully read the VCDPA to ensure their compliance with the new law.

Virginia’s new Consumer Data Protection Act will take effect on January 1, 2023, adding new consumer privacy rights, a broader interpretation of “personal information,” a separate “sensitive data” category, and data protection assessment obligations into the mix with the commonwealth’s three major pre-existing privacy and data protection laws as Virginia joins the growing ranks of

Critical Infrastructure Must Soon Report Cyber Incidents to CISA Immediately

In March, President Biden signed the “Cyber Incident Reporting for Critical Infrastructure Act” (CIRCIA) into law. CIRCIA applies to the Critical Infrastructure Sector, which includes entities that are “vital to the United States” and whose incapacitation or destruction would have an adverse effect on national

Introduction

On April 29, Aerojet Rocketdyne Holdings Inc. (Aerojet) settled claims by whistleblower Brain Markus for a reported $9 million after the second day of a jury trial.[1] This is the second recent settlement under the False Claims Act (FCA) relating to alleged misrepresentations about a company’s cybersecurity practices and systems in connection with

Creation of CyTech. On May 9, the National Association of Attorneys General (NAAG) announced the creation of the NAAG Center on Cyber and Technology (CyTech), joining a number of other centers focused upon key issues for state attorneys general and the public, including tobacco and public health, ethics and public integrity, and consumer protection.

Purpose:

On April 18, the Ninth Circuit issued its opinion in hiQ Labs, Inc. v. LinkedIn Corporation[1] in which the court clarified its position on an important topic: whether the common practice of data “web scraping” can create criminal liability under the Computer Fraud and Abuse Act (CFAA). To be clear, the Ninth Circuit was

On February 28, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department’s first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021.[1] This is a watershed moment in the

On February 25, the Utah Senate passed the Utah Consumer Privacy Act (the UCPA), which closely resembles both the Virginia Consumer Data Protection Act (the VCDPA) and the Colorado Privacy Act (the CPA). The House unanimously passed the bill on March 2. The bill now goes to Governor Spencer Cox, who has 20 days to

On January 28, California Attorney General Rob Bonta announced that his office was beginning an “investigative sweep” of businesses operating consumer loyalty programs in California. The California AG’s press release stated that letters were sent to “major corporations in the retail, home improvement, travel, and food service industries” and allege the recipients’ potential noncompliance with