“Cybersecurity” has emerged as one of top risks facing organizations. Considering the steady stream of massive data breaches affecting millions (sometimes billions), the debilitating effects of ransomware on an organization’s information systems, the intrigue of international threat actors, and the mobilization and collaboration of national law enforcement to thwart these
Articles Discussing Privacy And Surveillance In The Workplace.
Multi-factor Authentication (MFA) Bypassed to Permit Data Breach
As organizations continue to take steps to prevent cyberattacks, a near-universal recommendation is that they should implement multi-factor authentication (MFA), and for good reason. Organizations subject to the updated FTC Safeguards Rule, for example, are required to implement MFA. The Cybersecurity & Infrastructure Security Agency (CISA) includes MFA as a
Employers Urged To Revisit Existing Privacy Policies Following Executive Order Mandating Protection Of Sensitive Personal Data
President Biden issued an Executive Order on February 28, 2024 to prevent access to U.S. Citizens’ sensitive personal
Top 10 for 2024 – Happy Data Privacy Day!
To celebrate Data Privacy Day (January 28), we present our top ten data privacy and cybersecurity predictions for 2024.
AI regulations to protect data privacy.
Automated decision-making tools, smart cameras, wearables, and similar applications, powered by technology commonly referred to as “artificial intelligence” or “AI” will continue to
Top 10 Blog Posts for the Workplace Privacy, Data Management & Security Report for 2023
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular topics from 2023.
States Passing Comprehensive Privacy Laws
There was a landslide of comprehensive state privacy laws passed in 2023,
Modified Privacy Regulations May be on the Horizon
By: Modified Privacy Regulations May be on the Horizon
On Friday, December 8, 2024, the California Privacy Protection Agency (Agency) will meet to discuss important items, including drafting proposed regulations for employers. While the Agency has not yet commenced the formal rulemaking process on many of the regulations, the current drafts
Transatlantic Transfers of Personal Data: Transferring a Privacy Shield Certification to the New EU-U.S. Data Privacy Framework
Effective July 10, 2023, the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) replaced the invalidated EU-U.S. Privacy Shield framework (“Privacy Shield”). Participating U.S. organizations can now receive personal data transferred from the European Economic Area in compliance with the EU General Data Protection Regulation and without being subject to further conditions.
Importance of Protecting Employee Information as Privacy and Cybersecurity Laws Proliferate
Most human resources professionals are concerned about the privacy and security of the vast amounts of personal information they manage. This article discusses steps to consider taking against the challenges.
The EU-US Data Privacy Framework: Transferring Personal Data Under the New Privacy Shield
Now that the European Commission has published the new EU-US Data Privacy Framework, it will be easier for organizations to transfer personal data from the EU to the United States.
New SEC Cybersecurity Disclosure Requirements Place Pressure On Public Companies To Investigate Potential Breaches Quickly And Involve Leadership In Data Security Compliance
This summer, the Securities and Exchange Commission (SEC) adopted rules to enhance and standardize disclosures by public companies regarding cybersecurity risk management, strategy, governance, and incidents.
The rules will impose a number of new requirements, including disclosures regarding:
Material cybersecurity incidents, which must be made within four (4)
Cyber Safety Review Board Issues Compelling Report about Lapsus$, MFA Vulnerabilities, and Helpful Recommendations
The Cyber Safety Review Board (Board) issued a report entitled, Review of the Attacks Associates with Lapsus$ and Related Threat Groups (Report), released by the Department of Homeland Security on August 10, 2023. The Report begins with a message from the Board’s Chair and Vice Chair discussing WarGames, a movie
2023 Mid-Year Report: Data Privacy
No matter the month or year, employers can count on one thing, changes in workplace law. Having reached the midway point of the year, 2023 does not look to be an exception.
Increase in In-House Oversight of Privacy
The Association of Corporate Counsel and Major, Lindsey & Africa recently released their 2023 Law Department Management Benchmarking Report (Report) which tracks key trends in law department financial and operational data.
Unsurprising, as there has been an increase in privacy regulation across the country with several states passing comprehensive privacy
Data Protection Update: 2Q 2023
As we round the corner into the second quarter of 2023, the following enforcement dates for new or amended state data protection laws are quickly approaching.
The New York City Local Law 144, Automated Employment Decision Tools: April 15, 2023. California Consumer Privacy Act Regulations: July 1, 2023.
Stolen Databases Obtained In Transaction Leads to $400K Settlement with PA and OH Attorneys General
This post deals with another data breach, yes, hackers were able to compromise the organization’s systems and exfiltrate personal information relating to over 45,000 Pennsylvania and Ohio residents. However, there are several important takeaways from this case, including cybersecurity in corporate transactions, data retention and destruction, and incident response planning.