Ross Broudy Earns CIPP/US Designation

Ross Broudy, a member of the firm’s Cybersecurity & Data Privacy team, is now a Certified Information Privacy Professional with a U.S. designation (CIPP/US). Administered by the International Association of Privacy Professionals, CIPP has been recognized as the global preeminent… Read more

April 24, 2023 | News

Beth Waller Offers ‘Buyer Beware’ on Incident Response Coverage, Mandiant Cyber Snapshot, Issue 3

In Issue 3 of Mandiant’s Cyber Snapshot, WRVB Cybersecurity and Data Privacy Practice Group Leader Beth Waller explains the nuances of incident response (IR) coverage and urges careful examination of specimen policies before you buy. “A careful read of your… Read more

March 16, 2023 | Cybersecurity & Data Privacy

Beth Waller Highlights Uniqueness of Virginia Consumer Data Protection Act (VCDP)

In an article published on March 3 on Law.com, Beth Waller discusses the similarities and differences between California and Virginia data privacy laws. Virginia’s Consumer Data Protection Act (VCDPA), which went into effect on January 1, 2023, provides Virginia residents… Read more

March 14, 2023 | Cybersecurity & Data Privacy

Reviewing Online Tracking Technologies Could Keep HIPAA-Regulated Entities Out of Hot Water

By Elizabeth Barry Heddleston

A patient surfs a hospital system’s website and reads an article about depression and anxiety. The patient then searches the hospital’s website for mental health providers in the area. A few hours later, the patient logs into her social media… Read more

March 8, 2023 | Cybersecurity & Data Privacy | Health Law

HIPAA Security Rule: What are “Recognized Security Practices” and why are they important?

By Elizabeth Barry Heddleston

A strong cybersecurity program can help defend against cyber attacks and protect sensitive patient data. Thanks to a 2021 amendment of the HITECH Act, when a breach occurs, it can also reduce enforcement penalties. The amendment affords regulatory protection to… Read more

November 10, 2022 | Cybersecurity & Data Privacy | Health Law

Biometric Privacy Trial Is a Milestone in Privacy Law

By Elizabeth Burgin Waller

Generally, biometric privacy laws seek to protect the unique attributes of human beings that could be leveraged to access sensitive information about them, such as fingerprints and the measurements utilized for facial recognition technologies. Illinois has emerged as a… Read more

October 25, 2022 | Cybersecurity & Data Privacy

A New Day for Data Privacy: California Privacy Act Exemptions Will Expire

By Elizabeth Burgin Waller, Elaine D. McCafferty

January 1, 2023, is now a more ominous deadline in the data privacy compliance world. Privacy professionals have been watching California’s 2022 legislative session to see whether California Consumer Privacy Act (CCPA) exemptions for employee data and business-to-business communications would… Read more

September 1, 2022 | Cybersecurity & Data Privacy

Internal Inferences Must Be Disclosed to Consumers Under CCPA

By Elizabeth Burgin Waller

In an opinion released on March 10, 2022, California Attorney General Rob Bonta addressed the applicability of the “right to know” under the California Consumer Privacy Act (CCPA) (pdf) to internal inferences that organizations develop about individuals. The opinion clarified… Read more

April 15, 2022 | Cybersecurity & Data Privacy

Proposed SEC Cybersecurity Rules Require Public Companies to Act Now

By Elizabeth Burgin Waller

This month, the Securities and Exchange Commission (SEC) proposed new cybersecurity disclosure rules for publicly traded companies. The comment period is ongoing, but the take-away for public companies is immediate: a public company (no matter how large or small) needs… Read more

March 24, 2022 | Cybersecurity & Data Privacy

New Notification Requirements for Critical Infrastructure

By Elizabeth Burgin Waller

President Joe Biden recently signed into law the Cyber Incident Reporting For Critical Infrastructure Act of 2022. This new law updates the Federal Information Security Modernization Act (FISMA). The act adds responsibilities for federal agencies and the Cybersecurity & Infrastructure… Read more

March 18, 2022 | Cybersecurity & Data Privacy

Cybersecurity & Data Privacy