Businesses with automatic renewal contracts—including subscriptions—should take note of Colorado’s new law that went into effect earlier this year on January 1, 2022. While companies subject to other states’ auto-renewal laws and the Restore Online Shoppers’ Confidence Act (“ROSCA”) will be familiar with the three-prong approach of upfront clear disclosure, simple cancellation, and ongoing reminders,
Financial Institutions Face Increasingly Stringent Federal Breach Reporting Requirements
The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector. As the number and frequency of cyber attacks continue to grow, regulators have attempted to enhance cybersecurity protections via increased and more rigid incident reporting obligations, leading to a constantly shifting…
Webinar — Ballard Partner Phil Yannella to Join Discussion of New Proposed SEC Cyber Rules for Investment Advisors
Since the beginning of the year, the SEC has issued several sets of proposed rules governing cybersecurity. In an upcoming webinar, Ballard Privacy & Data Security partner Phil Yannella will join a panel discussion hosted by SEI Investments concerning the impact of these new rules on registered investment advisors and funds. You can register…
California Passes Suite of New Privacy Laws
California continues to be at the vanguard of privacy protection. On October 11, 2021 California’s Governor Newsom signed several bills addressing privacy and data security. These new laws go into effect January 1, 2022 and include:
- AB 335, which adds an exemption to the California Consumer Privacy Act (CCPA) consumer personal information sales opt-out
Ballard PDS Partner to Join Ankura For Cybersecurity Webinar
On February 10, 2021, Phil Yannella, Chair of Ballard’s Privacy & Data Security Group, will join Ankura for a webinar, “2020 Cyber Year in Review”, which will recap cybersecurity events for 2020. Panel members will also offer their predictions for what cybersecurity issues will dominate headlines in 2021. You can register for the event here.
Washington’s Latest Effort at Passing a Comprehensive Privacy Act
On September 9, 2020, Washington Senator Reuven Carlyle, D-Seattle, announced via Twitter that the third version of the draft Washington Privacy Act 2021 (“WPA”) was available for public review and comment. The recently released version of the WPA is the latest attempt by the Washington legislature to pass a comprehensive privacy bill. An earlier 2020…
HHS Issues HIPAA Guidance on Contacting Survivors of COVID-19 About Plasma Donation
The Office of Civil Rights of the U.S. Department of Health and Human Services has issued guidance clarifying how HIPAA’s Privacy Rule permits covered entities (in particular, health care providers and health plans) or their business associates to contact former COVID-19 patients about plasma donation to treat or potentially treat patients. The guidance follows the…
CPRA Poised to Go On November 2020 Ballot
While businesses are busy finalizing CCPA preparations, a new privacy initiative in California called the California Privacy Rights Act (CPRA) may be headed to the November 2020 ballot. …
2019 Year in Review
Happy (belated) New Year! 2020 marks the second anniversary of CyberAdviser. In the world of data privacy and cybersecurity, a great deal has happened over that span of time, including the enactment of the GDPR, BDLC (Brazil’s new privacy law), and the CCPA, the continued expansion of data breach and biometrics litigation, important US federal…
Listen to Our Webinar on “The SEC’s Special Report on Business Email Compromises: What It Means and What You Should Do”
On November 13, 2018, Ballard Spahr lawyers presented a webinar on the SEC’s recent “Report of Investigation” into “business email compromises” affecting public companies.
As noted in our prior blog post, the Report was prompted by the SEC’s investigation into whether nine public companies violated U.S. securities laws “by failing to have sufficient accounting controls” to prevent approximately $100 million in losses as a result of business email compromises targeting their personnel. The SEC investigated whether these companies violated Sections 13(b)(2)(B)(i) and (iii) of the Securities and Exchange Act of 1934. Although declining to pursue enforcement actions against the companies, the SEC emphasized its recent cybersecurity guidance, advising public companies that “[c]ybersecurity risk management policies and procedures are key elements of enterprise-wide risk management, including as it relates to compliance with federal securities laws.” (See our prior alert and blog post regarding the Interpretive Guidance).