Privacy & Cybersecurity Newsletter

December 2022

Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

In This Issue

U.S. State Privacy Laws in 2023: ‎California, Colorado, Connecticut, Utah and Virginia
In 2023, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, and Virginia. read more

Office of Civil Rights Guidance on Recognized Security Practices Under the 2021 HITECH ‎Act Amendment
Last year, Congress enacted an amendment to the HITECH Act in January 2021 (“HITECH Amendment”) to require that the Department of Health and Human Services (“HHS”) consider whether a covered entity or business associate has “adequately demonstrated” it had, for not less than the previous 12 months, “recognized security practices” in place when making certain determinations under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule (e.g. mitigation of fines, early termination of an audit, or other remedies). read more

New York DFS Cybersecurity Regulation Update: ‎Amendments Proposed November 2022
Licensees of the New York Department of Financial Services (“DFS”) should be tracking the proposed amendments to the DFS Cybersecurity Regulation.  All covered entities under the Regulation will need to revisit their cybersecurity preparedness to satisfy the enhanced regulatory requirements, particularly large entities that meet the definition of “Class A companies” introduced by the proposed amendments. read more

BIPA and Insurance Coverage II – Are You Ready for Some Case Law?‎
With football season in full swing, fans and fantasy football owners alike are busy watching games and tossing around acronyms like passes – Xs and Os, TDs, PATs, PPR, YACs, and many more. And on the gridiron, insurers and their policyholders continue to focus on BIPA. This article provides an update on the score. read more

CCPA Enforcement: The Sephora Settlement Is Just the Start
Flexing considerable enforcement muscle, California Attorney General Rob Bonta (“AG”) recently announced a $1.2 million settlement with beauty retailer Sephora, Inc. (“Sephora”) under the landmark California Consumer Privacy Act (“CCPA”). The Sephora Settlement is the first public enforcement action under the CCPA and dramatically highlights several points: read more

BIPA in Play, Lower Courts Have Their Say
BIPA cases are filed almost daily in Illinois and other courts.  Eye-popping settlements and verdicts grab headlines.  Four key issues await decision by the Illinois Supreme Court.  The Illinois legislature has no guidance in the works.  In the meantime, lower courts, primarily federal district courts, continue to shape and define the scope and reach of this powerful Illinois statute. read more