Follow: Email

The California Attorney General has released both clean and redlined versions of proposed modifications to the draft implementing regulations for the California Consumer Privacy Act (“CCPA”). Below is a high-level overview of some key changes:

  1. Service Providers. The modified draft restricts a service provider from processing the personal information it receives from a business except

In a recent blog post, the Federal Trade Commission highlighted three key changes it made in 2019 in its approach to issuing orders in data security enforcement matters.  As stated by Andrew Smith, the Director of the FTC’s Bureau of Consumer Protection, in the blog post, the agency intends for these changes to strengthen consumer protections while providing companies with more specific and actionable guidance about how to improve their data security practices.  However, the FTC’s shift in approach may also have an impact on how companies view risks associated with FTC enforcement, as the changes could result in additional obligations for a company and members of its senior leadership team.
Continue Reading FTC Summarizes 2019 Changes to Data Security Orders

Last week, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) released a set of cyber readiness recommendations for small businesses.  The recommendations, which CISA developed in collaboration with small businesses and state and local governments, are intended to assist smaller organizations in implementing organizational cybersecurity practices.  While not binding requirements, the recommendations may inform what CISA and U.S. regulators view as “reasonable” cybersecurity practices.

Continue Reading CISA Releases Cyber Readiness Recommendations for Small Business