Infographic: The Do's & Don'ts of Data Breach Response/Management
Today's data breach landscape is unprecedented and complex. Every organization is facing potential enforcement of many interconnected and overlapping laws in multiple jurisdictions. Requirements for what constitutes a privacy breach or legal privilege, or what thresholds regulators are setting to hold organizations to account vary significantly.What needs to be done? Should we call law enforcement? What about the General Data Protection Regulation's (GDPR) requirement to notify within 3 days? Should we notify consumers? Although there is no one-size-fits-all approach, here are some of the key do’s and don’ts when responding to... Read More
On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed Rulemaking (NPRM) titled "Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (Proposed Rule)," which would create accelerated notification obligations for banking organizations and bank service providers in the event of a security incident.This would require a banking organization to notify its primary regulator no later than 36 hours after reasonably determining that a... 
Overview: Originally approved in 2018, The Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais or LGPD) was expected to take effect on August 14, 2020. In April, however, President of Brazil, Jair Bolsonaro issued a Provisional Measure that provided COVID-19 emergency aid and the postponement of the LGPD law to May 2021. After a Senate vote on August 26th, the LGPD will now come into effect immediately, also requiring that the National Data Protection Authority (ANPD), responsible for applying the sanctions of the new law be created soon... 
Why This Privacy Law is Important: On September 1, 2018, the Colorado Protections for Consumer Data Privacy law went into effect. The new Privacy Law provisions are part of the Colorado Consumer Protection Act (“CCPA”), in a continued effort to protect personal data. Overview/Status of Bill: This bill went into effect September 1, 2018 Need to Know Information: Who it Applies To: Any person, commercial entity, or governmental entity that maintains, owns, or licenses personal identifying information (“PII”) of Colorado residents in the course of its business, vocation, or occupation. What is...