• Posts by Lauren Godfrey
    Partner

    Lauren advises clients across a variety of business sectors on best practices in data privacy and information security. She guides clients in responding to data security incidents, conducting initial assessments of data security ...

Chile has amended its data privacy law granting significant rights to data subjects, and imposing stricter obligations on data controllers and processors. Published in the Official Gazette (Diario Oficial) on December 13, 2024, Chile’s new Personal Data Protection Law takes effect on December 1, 2026.

Facebook Twitter/X LinkedIn Email

On December 24, New York Gov. Kathy Hochul (D) signed into law an amendment to section 899-aa of the N.Y. General Business Law, also known as The Shield Act, modifying the law’s data breach notification requirements.

Facebook Twitter/X LinkedIn Email

A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:

Facebook Twitter/X LinkedIn Email

The Commonwealth of Pennsylvania has amended its Breach of Personal Information Notification Act. The amendments, available here 2024 Act 33 - PA General Assembly (state.pa.us), took effect last week, on September 26. The key provisions are as follows:

Facebook Twitter/X LinkedIn Email

On April 24, the Federal Trade Commission announced that it had finalized changes to its Health Breach Notification Rule - to address emerging technologies.

Specifically, the Rule was broadened to (1) apply to entities not currently subject to the Health Insurance Portability and Accountability Act, (2) clarify what a breach of security is, (3) expand notification methods, (4) impose additional requirements for the content of notifications, and (5) amend the timeframe for issuing required notifications to the FTC.

Facebook Twitter/X LinkedIn Email

Effective May 24, 2024, the Office of the Privacy Commissioner of Canada (OPC) has introduced a new online PIPEDA breach reporting form for federal institutions and businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).

Facebook Twitter/X LinkedIn Email

On May 22, 2022, Minnesota Gov. Tim Walz (D) signed the Student Data Privacy Act (the “Act”), H.F. No. 2353, into law which amends Minnesota’s Government Data Practices Act. The Act went into effect beginning with the 2022-2023 school year. 

Facebook Twitter/X LinkedIn Email

Cybersecurity, lock and key, data protection

On March 2, the Biden Administration released a “National Cybersecurity Strategy,” which it says takes a comprehensive approach to securing cyberspace for all and ensuring the United States is in the best position to take advantage of all the benefits that our digital future holds. The Strategy consists of five “pillars”: Infrastructure, threat actors, the market, plans ...

Facebook Twitter/X LinkedIn Email

Recent amendments to Pennsylvania’s data breach law -- the Breach of Personal Information Notification Act – will take effect May 3. The amendments were enacted in November.

Originally enacted in 2006, the Act provides for the security of computerized data and requires notification to Pennsylvania residents whose personal information data was, or may have been, disclosed due to a breach of the security of an entity’s system. 

Facebook Twitter/X LinkedIn Email

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 

Subscribe

* indicates required
Back to Page