Constangy Cyber Advisor 

Another type of cyber attack. Continue Reading ›

October is National Cybersecurity Awareness Month, which is celebrating its 21st year. Spearheaded, organized and led by the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance, the campaign educates individuals and organizations on staying secure in an increasingly complex digital world. Continue Reading ›

The recent shutdown of the federal government has left many critical services in limbo, including the nation’s primary cybersecurity agency. Amid the ongoing budget standoff in Congress, funding for the Cybersecurity and Infrastructure Security Agency lapsed, coinciding with the expiration of the Cybersecurity Information Sharing Act of 2015. Continue Reading ›

Health care remains one of the most targeted and vulnerable sectors when it comes to cyberattacks.  Continue Reading ›

New York ‘s Child Data Protection Act, available here, took effect on June 20. This is a landmark piece of legislation designed to enhance the online privacy and safety of minors. As concerns over children’s digital footprints grow, New York’s approach is drawing national attention for its distinctive legal standards. Continue Reading ›

As cyberattacks and cybercriminals are becoming increasingly sophisticated, safeguarding employee benefit plans, including health and welfare plans, is crucial. Continue Reading ›

Chile has amended its data privacy law granting significant rights to data subjects, and imposing stricter obligations on data controllers and processors. Published in the Official Gazette (Diario Oficial) on December 13, 2024, Chile’s new Personal Data Protection Law takes effect on December 1, 2026. Continue Reading ›

On December 24, New York Gov. Kathy Hochul (D) signed into law an amendment to section 899-aa of the N.Y. General Business Law, also known as The Shield Act, modifying the law’s data breach notification requirements. Continue Reading ›

A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one: Continue Reading ›

The Commonwealth of Pennsylvania has amended its Breach of Personal Information Notification Act. The amendments, available here 2024 Act 33 - PA General Assembly (state.pa.us), took effect last week, on September 26. The key provisions are as follows: Continue Reading ›

On April 24, the Federal Trade Commission announced that it had finalized changes to its Health Breach Notification Rule - to address emerging technologies.

Specifically, the Rule was broadened to (1) apply to entities not currently subject to the Health Insurance Portability and Accountability Act, (2) clarify what a breach of security is, (3) expand notification methods, (4) impose additional requirements for the content of notifications, and (5) amend the timeframe for issuing required notifications to the FTC. Continue Reading ›

Effective May 24, 2024, the Office of the Privacy Commissioner of Canada (OPC) has introduced a new online PIPEDA breach reporting form for federal institutions and businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). Continue Reading ›

On May 22, 2022, Minnesota Gov. Tim Walz (D) signed the Student Data Privacy Act (the “Act”), H.F. No. 2353, into law which amends Minnesota’s Government Data Practices Act. The Act went into effect beginning with the 2022-2023 school year.  Continue Reading ›

Recent amendments to Pennsylvania’s data breach law -- the Breach of Personal Information Notification Act – will take effect May 3. The amendments were enacted in November.

Originally enacted in 2006, the Act provides for the security of computerized data and requires notification to Pennsylvania residents whose personal information data was, or may have been, disclosed due to a breach of the security of an entity’s system.  Continue Reading ›