SHARE:  

NOVEMBER 2024

DATA ROUNDUP

As breach litigations increase, understanding how to protect attorney-client privilege has become critical for companies facing cybersecurity incidents. Courts continue to debate whether plaintiffs in data breach cases meet the standard of proving “actual or imminent” harm directly tied to a company’s actions, with some defendants successfully challenging standing to secure early dismissals. However, with the ongoing rise in ransomware attacks, companies now face an additional challenge: defending against litigation filed by impacted individuals and class-action lawsuits seeking substantial damages.


Read the Blog

On October 23, 2024, the U.K. Department for Science, Innovation and Technology introduced the Data Use and Access Bill (“DUA Bill”) to Parliament. The legislation seeks to modernize the U.K. General Data Protection Regulation by reforming the way the country uses data for the public’s interest. The Department estimates that doing so will boost the U.K.’s economy by £10 billion GBP.



Read the Blog

Microsoft’s latest Digital Defense Report 2024 provides insights into the evolving global cybersecurity landscape and the role of artificial intelligence.


This report is critical as Microsoft has a tremendous global vantage point that allows others to gain visibility into the attack activity it sees. For example, the report provides that Microsoft processes more than 78 trillion security signals per day, from billions of Windows endpoints, the cloud, and a broad spectrum of products and services.

Read the Blog

After a long wait, on September 30, 2024, China released the “Network Data Security Management Regulations” (“Regulations”). These

regulations help clarify requirements under China’s Cyber Security Law (“CSL”), the Data Security Law (“DSL”), and the Personal Information Protection Law (“PIPL”). These three (3) laws make up China’s data privacy and security framework under which the regulations fall. The regulations present a somewhat less restrictive approach toward data privacy and security.

Read the Blog

LEGISLATIVE & REGULATORY UPDATE

New Data Privacy Protections Lead List of New Laws Taking Effect Today

CTNewsJunkie

"A raft of changes to how Connecticut law protects sensitive medical information, minors from online threats, and misuse of social media lead a group of dozens of new laws that take effect today."

Read Full Article

Long-overdue Australian privacy law reform is here - and it's still not fit for the digital era

The Conversation

"Almost four years since the Privacy Act reciew commenced, the Australian government has introduced a reform bill that fails to make most of the fundamental changes needed to modernise our privacy laws."

Read Full Article

A new law in California protects consumers' brain data. Some think it doesn't go far enough.

MIT Technology Review

"Tech companies collect brain data that could be used to infer our thoughts -- so it's vital we get legal protection rights."

Read Full Article

ENFORCEMENT ACTIONS

Irish Data Protection Commission fines LinkedIn Ireland €310 million

The Data Protection Commission

Read Full Article

Delta, CrowdStrike sue each other over widespread IT outage that caused thousands of cancellations

CNBC

Read Full Article

SEC Fines 4 Companies $7M for Downplaying Breaches Tied to Massive SolarWinds Hack

ALM Law.com

Read Full Article

Commission opens formal proceedings against Temu under the Digital Services Act

European Commission

Read Full Article

Garante Fines Tech Firm Over Cybersecurity Failures

Wolters Kluwer

Read Full Article

Penn State pays DoJ $1.25M to settle cybersecurity compliance case

The Register

Read Full Article

FTC Takes Action Against Marriott and Starwood Over Multiple Data Breaches

Federal Trade Commission

Read Full Article

OCR Announces First Financial Penalty Under HIPAA Risk Analysis Enforcement Initiative

The HIPAA Journal

Read Full Article

PODCAST PORTAL

In this episode of PrivacyCafé, Richard and Jade dive into the background and significance of the Becerra case, which challenges the HHS guidance on the usage of tracking technologies by medical providers. Throughout the episode, they provide practical advice for hospitals on using tracking technologies responsibly, discuss the potential impact on ongoing and future class action lawsuits, and offer actionable tips for medical providers to ensure compliance with data privacy regulations.

Listen Now

MEET OUR TEAM

Richard Sheinis


Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations.

Jade Davis


Jade provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels, and represents companies on privacy, global data security compliance, data breaches, and investigations. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things, and other areas of regulatory compliance.

Joseph Stepina


Joseph is an Attorney in our Little Rock office where he focuses his practice on general liability, premises liability, products liability and data privacy and cybersecurity matters.



Lea McBryde


Lea is an Attorney in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.


Savannah Avera


Savannah is an Attorney in our Atlanta office, where she protects the rights of clients in health care and cyberspace.

Web      LinkedIn      Instagram      Facebook