Blog Authors

Latest from Cybersecurity Lawyer Forum

Over the past two years, privacy legislation and regulation has focused on a variety of issues.  How companies can collect and use sensitive information (healthcare data, geolocation, financial data and the like) and how they respond to consumer requests often take top billing.  But “dark patterns” can impact not only a company’s disclosures, but its business operations generally.
What are

The California Invasion of Privacy Act (CIPA) is sparking a surge in lawsuits that could profoundly impact businesses with consumer-facing websites. Once focused on law enforcement’s use of “trap and trace” devices, CIPA is now being applied to website tracking technologies like cookies and pixels, exposing companies to significant legal risks. In the article below, JMBM Partner Stuart K. Tubis

In 2017, when blockchain was the new shiny thing, a little-known micro-cap stock, Long Island Iced Tea Corp., changed its name to Long Blockchain Corp. That day, its stock price jumped 200% on the news, but it was still a beverage maker – it simply announced that it was exploring opportunities in blockchain technology. Simply attaching the word “blockchain” to

Every ransomware attack requires the victims to make a hard decision – whether or not to pay the ransom. The decision is often made on the basis of past mistakes – failure to implement basic security (such as not implementing multi-factor authentication), failure to train personnel in recognizing phishing, or failure to establish and maintain an effective backup protocol. Lack

Time to Update your Privacy Policy
JMBM Cybersecurity and Privacy Group
Robert Braun
Stuart Tubis

In 2024, privacy laws adopted by Montana, Oregon, Texas and Utah will become effective. While the laws have much in common (and are similar to the laws already in effect), they each have special characteristics, and companies will need to evaluate how they impact operations,

Companies that are subject to the registration and disclosure requirements of the United States Securities Act and Securities Exchange Act face the challenge of complying with a broad variety of detailed regulations addressing their disclosure and reporting obligations. The Securities Exchange Commission recently adopted regulations which will have an impact on publicly traded companies that suffer a data breach. Because

Congress has managed not to adopt a federal privacy law, leaving it to the Securities Exchange Commission, the Federal Trade Commission, and other regulators to fill the void – something that will take years to implement and will be subject to challenges.
We now have, however, ten state privacy laws – five adopted in just the past two months. While

Website analytics are a key part of understanding whether a website “works,” and how to improve it; they arose almost at the same time that companies began using websites to transact business. For the most part, and for a long time, website analytics were seen as benign – a way to track information without trampling on an individual’s privacy rights.

On Monday, October 17, 2022, the California Privacy Protection Agency Board issued revised regulations to the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020). The revised regulations propose dozens of changes that were intended to address business concerns that some of the requirements were confusing and costly to implement.
While the proposed

In 2018, the California Legislature adopted the California Consumer Privacy Act (CCPA) and became the first state to enact a comprehensive law designed to protect the privacy of consumers’ personal information. Businesses that are subject to the CCPA are required, among other things, to respond to consumers who wish to view the personal information collected by the business, delete personal