Discerning Data

California Attorney General’s Office Gathers Public Opinions Regarding the Implementation of the California Consumer Privacy Act

The California Department of Justice has opened up public forums this month as part of the Attorney General’s rulemaking process to promulgate regulations under the California Consumer Privacy Act of 2018 (CCPA). We previously discussed the Attorney General’s Office’s public statement regarding the CCPA here.

As required by the CCPA, the Attorney General must adopt certain regulations on or before July 1, 2020. In holding these public forums, the Attorney General’s Office hopes to provide an initial opportunity for the public to participate in establishing procedures to facilitate consumers’ rights under the CCPA and to provide guidance for business compliance. Specifically, the following aspects are of high priority: businesses’ obligation to disclose data collection and sharing practices to consumers; consumer rights to request deletion of data; consumer rights to opt out of having their personal information sold to third parties; and restrictions on the sale of personal information of consumers under the age of 16 without explicit consent. The Attorney General’s Office scheduled six public forums across different counties in California and invites in-person attendance or written submissions of public comments through February 2019.

Continue reading “California Attorney General’s Office Gathers Public Opinions Regarding the Implementation of the California Consumer Privacy Act”

Charges Connected to Hack of SEC’s EDGAR System Discussed in SECurities and Law Perspectives

Last week, the Department of Justice (“DOJ”) and the Securities & Exchange Commission (“SEC”) announced charges connected to a large-scale, international conspiracy to hack into the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system and profit by trading on stolen material, non-public information. The conduct underlying these cases was one of the principal reasons that the SEC created its Division of Enforcement “Cyber Unit” to target cyber-related securities fraud violations.

Continue reading “Charges Connected to Hack of SEC’s EDGAR System Discussed in SECurities and Law Perspectives”

HHS Task Group Releases Cybersecurity Guidelines for the Health Care Industry

Health care is one of the most complex and socially impactful areas of digitalization. Ensuring cybersecurity of health care operations, therefore, is of paramount importance – because potential vulnerabilities may lead not only to financial or technical exposures, but to lapses in life-or-death situations for patients.

To assist practitioners with education and guidelines, and in pursuance of Cybersecurity Act of 2015 (Public Law 114-113), Section 405(d), the Department of Health and Human Services created a “405(d) Task Group” in May 2017, involving, more than 150 health care and cybersecurity experts. The result of their collaborative work became a voluntary guideline entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” which was released at the end of 2018.

Continue reading “HHS Task Group Releases Cybersecurity Guidelines for the Health Care Industry”

House Committee Staff Report Finds Equifax Data Breach Entirely Preventable, Provides Recommendations for Consumer Reporting Agencies

After a 14-month investigation into the 2017 Equifax data breach, which was one the largest in U.S. history, the House Oversight and Government Reform Committee released a report in December.

Continue reading “House Committee Staff Report Finds Equifax Data Breach Entirely Preventable, Provides Recommendations for Consumer Reporting Agencies”

EU-US Privacy Shield Second Review: Improvements Shown, but More to be Done

The EU Commission published its second annual review of the functioning of the EU-US Privacy Shield, which focused on the commercial issues, human resources and data automated individual decision-making and developments in the U.S. legal framework. This report follows the same general structure as the report on the first annual EU-US Privacy Shield review that we reported on last year.

Continue reading “EU-US Privacy Shield Second Review: Improvements Shown, but More to be Done”