On December 7, 2021, the New York Department of Financial Services (“DFS”) released new guidance on multifactor authentication (“MFA”), indicating that it is increasing its review of MFA during examinations,…
Almost everyone working in cybersecurity compliance is aware that each U.S. state has its own set of breach notification requirements. What is less known is that many of these states…
Colorado has just adopted a brand-new data privacy law and Nevada has just significantly amended its law. These changes add rights for consumers, and compliance obligations for businesses, that take…
Since the implementation of the California Consumer Privacy Act (“CCPA”) 18 months ago, more than 75 lawsuits have been filed seeking damages using the Act’s private cause of action. The CCPA…
On March 15, 2021, California’s Attorney General announced the adoption of updates to the regulations implementing the California Consumer Protection Act (“CCPA”). The final (for now) regulations are available here.…
Virginia has just become the second U.S. state with a comprehensive privacy law, with Governor Ralph Northam’s signing of the Virginia Consumer Data Protection Act (“VCDPA”) on March 2, 2021.…
On December 10, 2020, California’s Attorney General formally announced a fourth round of proposed modifications to the AG’s regulations regarding the California Consumer Privacy Act (“CCPA”). These modifications include the…
It looks like the California Attorney General’s implementing regulations for the California Consumer Privacy Act (“CCPA”) are, finally, final. On June 1, 2020, the California Attorney General submitted for publication…