On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Cyber Security Regulations.  The Amendments, if adopted, would further regulatory trends and impose important new requirements on covered entities.

The Amendments contain three significant changes relating to ransomware.  First, the Amendment specifically adds “the deployment of ransomware

The FTC recently reported that over $650 mm worth of cryptocurrency was stolen by hackers last year.  Thus far, over $320 mm in cryptocurrency has been stolen by hackers this year.  Not surprisingly, this surge in crypto breaches has led to litigation.  In our monthly webcast series, Ballard partners Phil Yannella, Greg Szewczyk and

Since the beginning of the year, the SEC has issued several sets of proposed rules governing cybersecurity.  In an upcoming webinar, Ballard Privacy & Data Security partner Phil Yannella will join a panel discussion hosted by SEI Investments concerning the impact of these new rules on registered investment advisors and funds.  You can register

On the latest episode of our podcast, Business Better, our Ballard lawyers discuss emerging trends in privacy litigation. Issues we discuss include companies sharing and selling consumer data, plaintiffs’ liability theories, including the right of publicity, and best business practices to consider in anticipation of privacy claims.

Leading this discussion is Aliza Karetnick, a Partner

On January 28, 2022 the Consumer Protection Section of the Colorado Attorney General’s Office issued guidance regarding data security best practices.  Businesses subject to the Colorado Privacy Act can look to these best practices as a roadmap for the technical and organizational data security safeguards the law requires businesses to implement.

The guidance instructs covered

California continues to be at the vanguard of privacy protection.  On October 11, 2021 California’s Governor Newsom signed several bills addressing privacy and data security. These new laws go into effect January 1, 2022 and include:

  • AB 335, which adds an exemption to the California Consumer Privacy Act (CCPA) consumer personal information sales opt-out

With a little over a year of enforcing the California Consumer Privacy Act (CCPA) under its belt, the Office of the California Attorney General (OAG) recently held a press conference to announce updates on its CCPA enforcement efforts and promote new tools relating to California consumers’ right to opt out of the sale of their personal information.
Continue Reading  California Enforcement Updates and Privacy Tools Highlight Regulatory Scrutiny of Right to Opt Out

On July 9, 2021, New York City’s biometric identifier information law became effective. The law, which was enacted in January 2021, addresses the collection and use of biometric identifier information (BII) by commercial establishments—meaning places of entertainment, retail stores, or food and drink establishments—to track customer activity. It creates a private right of action and subjects violators to statutory damages.

Continue Reading  New York City’s Biometric Identifier Information Law Takes Effect

Phil Yannella, Ballard Spahr litigation partner and Practice Leader of Ballard’s Privacy & Data Security Group, recently authored a treatise on data breach and privacy litigation. The book, Cyber Litigation: Data Brach, Data Privacy & Digital Rights, is published by Thomson Reuters and is available now for purchase.
Continue Reading  Ballard Spahr Partner, Phil Yannella, Authors Book on Data Breach and Privacy Litigation

Ballard Privacy & Data Security partners Phil Yannella, Kim Phan and Greg Szewczyk recently wrote an article on managing compliance with the growing patchwork of state privacy laws for the Media Law Resource Center (MLRC).  The article was made available at last week’s  Legal Frontiers in Digital Media virtual conference sponsored by the MLRC and will appear in an upcoming edition of “Legal Frontiers in Digital Media,” MLRC Bulletin (June 2021).  A copy of the article is available here:
Continue Reading  Managing Compliance with a Patchwork of State Privacy Laws