As we embark on a new decade, Krugliak, Wilkins, Griffiths & Dougherty, Co., L.P.A. (KWGD) is looking forward to helping clients update their privacy and cybersecurity compliance plans. Here are a few legal highlights from 2019 driving those updates that will likely affect your business in 2020.
Ohio Senate Bill 220: Effective January 1, 2019, Ohio provides a legal "safe harbor" defense to companies that experience a security incident if they have certain cybersecurity compliance standards in place. Do you have a cybersecurity compliance program in place?
California Consumer Privacy Act (CCPA): The CCPA came into effect on January 1, 2020, and requires companies to explain their privacy protections and their uses and sale of consumer information. Consumer rights, such as to know how personal information has been collected, used, and sold, and to control their personal information signifies a major change in how companies will need to manage personal information, including your third-party vendors. Do you know what data you collect from website visitors? Are any of your website's visitors residents of California?
Nevada Online Privacy Law: On October 1, 2019, Nevada enacted a law to require companies to implement an online mechanism or toll-free phone number that permits consumers to opt-out of the sale of their personal information. Do you sell consumer information that you collect? Do you have a way to exclude a consumer from being part of a sale of data?
New York SHIELD Act: New York also strengthened its privacy and cybersecurity protection laws by expanding the categories of information that are now considered "personal information" as well as expanding what is considered a "breach." Effective March 21, 2020, companies will be required to implement reasonable safeguards to protect personal information such as conducting risk assessments and employee training, updating vendor contracts, among other requirements. Have you thought about these types of compliance measures? Not sure where to begin?
Enforcement: Enforcement of privacy laws have continued to grow on the state, Federal, and international levels as more financial resources are being allocated to investigation and enforcement actions. Do you know what regulations apply to your privacy practices?
It is time to invest in compliance to keep up with the quickly evolving landscape of privacy and cybersecurity laws and to reduce your risk of a breach in the future.
Please contact your personal KWGD counsel or the author Attorney Allison E. Cole, (330.497.0700) to learn more about implementing a privacy and cybersecurity compliance program. Ms. Cole is a member of the International Association of Privacy Professionals and the Society of Corporate Compliance and Ethics and holds professional certifications with both of these leading industry organizations.
NOTE: This general summary of the law should not be used to solve individual problems since slight changes in the fact situation may require a material variance in the applicable legal advice.