In 2024, privacy laws adopted by Montana, Oregon, Texas and Utah will become effective. While the laws have much in common (and are similar to the laws already in effect), they each have special characteristics, and companies will need to evaluate how they impact operations, disclosures and policies. What do…
Companies that are subject to the registration and disclosure requirements of the United States Securities Act and Securities Exchange Act face the challenge of complying with a broad variety of detailed regulations addressing their disclosure and reporting obligations. The Securities Exchange Commission recently adopted regulations which will have an impact…
Congress has managed not to adopt a federal privacy law, leaving it to the Securities Exchange Commission, the Federal Trade Commission, and other regulators to fill the void – something that will take years to implement and will be subject to challenges. We now have, however, ten state privacy laws…
Website analytics are a key part of understanding whether a website “works,” and how to improve it; they arose almost at the same time that companies began using websites to transact business. For the most part, and for a long time, website analytics were seen as benign – a way…
On Monday, October 17, 2022, the California Privacy Protection Agency Board issued revised regulations to the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020). The revised regulations propose dozens of changes that were intended to address business concerns that some of the…
In 2018, the California Legislature adopted the California Consumer Privacy Act (CCPA) and became the first state to enact a comprehensive law designed to protect the privacy of consumers’ personal information. Businesses that are subject to the CCPA are required, among other things, to respond to consumers who wish to…
Online privacy policies are ubiquitous. Sometimes they are mandated by law – that’s been the case in California for years – and a variety of other states and federal agencies (like the Securities and Exchange Commission) require them as well. As a practical matter, almost every firm that has an…
Addressing privacy compliance and cybersecurity is becoming more and more challenging for companies. At least 26 states are considering various kinds of data privacy laws. At the same time the rate, depth, and impact of ransomware, wiperware and data breaches has become more intense and more expensive, and there is…
A New Year, A New Challenge The last two years were busy ones for privacy advocates. In 2020, California voters passed the California Privacy Rights Act (CCPA), a major revision of the California Consumer Privacy Act of 2018; Virginia adopted the Consumer Data Protection Act; and Colorado approved the Colorado…
Current information security and risk mitigation approaches are ineffective, and this failure is nowhere more apparent than in critical supply chains – defense, energy, health services, and other key industries. The source of much of the persistent failure to secure supply chains and the success of hackers compromising these vital arteries of…