With the number of data breaches increasing each year, it’s becoming more important to know what personal data you have and where you have it. On personal or even work devices, you may be surprised at how much of your data is just waiting to be taken advantage of by a bad actor. Continue Reading ›
Just in time for setting a new year’s resolution, the New York Senate passed health privacy bill S-929. This bill was first introduced during the 2024 legislative session but failed to pass. Now in the early weeks of 2025, S-929 has passed without any changes since 2024. The bill will now move to the Assembly Codes and Science & Technology Committees for further consideration. Continue Reading ›
Some FAQs about the law and the litigation that has ensued. Continue Reading ›
Happy Cyber Monday!
In honor of Computer Security Day (which was Saturday), we have a quiz designed to test your grasp of key laws, regulations, and best practices that keep your personal, financial, and sensitive information safe. Continue Reading ›
Joseph Sullivan, Uber’s beleaguered former Chief Information Security Officer, was back in the news last month when he appealed his 2023 conviction for his role in concealing a 2016 breach of Uber’s network and customer data. Continue Reading ›
Data breaches have become a serious issue for businesses, leading to numerous putative class action lawsuits alleging that the defendants failed to prevent the unauthorized disclosure of personally identifiable information or protected health information of their employees or customers. Continue Reading ›
On October 1, Montana became the newest state with a comprehensive data privacy law, the Montana Consumer Data Privacy Act. Continue Reading ›
The Commonwealth of Pennsylvania has amended its Breach of Personal Information Notification Act. The amendments, available here 2024 Act 33 - PA General Assembly (state.pa.us), took effect last week, on September 26. The key provisions are as follows: Continue Reading ›
The State of Utah recently amended its general data breach notification statute to update the content that must be reported to the Utah Attorney General or the Utah Cyber Center. The amendments also clarify when notifications can be considered confidential or classified under the state’s public records law. Continue Reading ›
On April 17, Colorado Gov. Jared Polis (D) signed into law a bill that will extend privacy rights to individuals’ neural data. Although certain states have enacted privacy laws that include protection of sensitive and biometric data, Colorado’s law is the first that explicitly addresses neural data. Continue Reading ›
On April 6, the Maryland legislature passed the Maryland Online Data Privacy Act of 2024, sending the bill to the state’s governor for signing. The bill comes on the heels of the Kentucky Consumer Data Protection Act, which was signed into law on April 4. If the Act is signed into law, it will bring the number of states with comprehensive privacy laws to 16. Continue Reading ›
Data processing agreements are a standard part of business arrangements involving personal data due to the European Union’s General Data Protection Regulation as well as the ever-expanding number of U.S. consumer privacy statutes. Continue Reading ›
The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation.
