The Washington Post (sub.req.) reported that Virginia Gov. Ralph Northam signed data privacy legislation into law on March 2, making Virginia the second state in the nation to adopt its own data protection rules.
The Consumer Data Protection Act had
Privacy & Data Security
SMARTWATCH Act and AHRQ’s Inquiry
Two recent actions by lawmakers are intended to address certain uses of technology in health. First, two Senators have introduced a bipartisan bill related to the collection and use of identifiable health data from wearable health trackers. Second, following an…
Virginia’s New Consumer Data Protection Act (CDPA)
On March 2, 2021, Governor Northam signed into law Virginia’s own Consumer Data Protection Act (“Virginia CDPA” or the “Act”), a bill that brings together concepts from the EU’s General Data Protection Regulation (GDPR) as well as the California Consumer…
Ransomware with Data Exfiltration and Threatened Leak Extortion
Seyfarth Synopsis: The attorney-client privilege is a bedrock legal principle that protects a client from providing a court or adversary with confidential communications exchanged in the course of providing or receiving legal advice with an attorney. Cybersecurity data breach, often…
What Businesses Need to Know About Consumers’ “Right to Delete” Under the CCPA, CPRA and VCDPA
Just this week Virginia joined California as being one of the few states where consumers have a “right to delete” under applicable state privacy laws. This loosely follows the approach in the EU General Data Protection Regulation (“GDPR”) that also contains…
BIPA And Article III Standing: Where Are We Now?
The Illinois Biometric Information Privacy Act (“BIPA”) continues to attract litigation, and the battle continues as to what allegations of a BIPA violation may proceed in the federal courts. As you will recall, BIPA was enacted in 2008 to protect…
CIPL Submits Response to New Brazilian Data Protection Authority’s First Public Consultation on SMEs
On March 1, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted a response to the new Brazilian data protection authority’s call for preliminary inputs on the impact of the Brazilian data protection law on small and…
Less data is more than ever: The FTC and the reasonable data security program
Virginia Enacts Comprehensive Privacy Law
On March 2, Virginia Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA), becoming the second U.S. state to enact a comprehensive privacy law (Nevada has enacted an online privacy law, albeit with a narrower scope). …
Does a company need to treat exfiltration of personal data by a former employee as a data breach under the GDPR?
Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government…