by Lori E.Lesser, Nicholas S. Goldin, Jessica N. Cohen, Melanie D. Jolson, Corina McIntyre, Alysha J. Sekhon, Bobbie Burrows, and Kate E. Mirino
On May 10, 2022, Connecticut’s Senate Bill 6 titled “An Act Concerning Personal Data Privacy and Online Monitoring” (CTDPA) was signed by Governor Ned Lamont, making Connecticut the fifth state to enact its own comprehensive consumer privacy law, after California, Colorado, Utah and Virginia.[1]
by Nicholas S. Goldin, Lori E. Lesser, Melanie D. Jolson, and Shanice D. Hinckson
Tucked into the recently enacted 2022 Consolidated Appropriations Act is the Cyber Incident Reporting for Critical Infrastructure Act (the “Act”), which will—once effective—significantly expand the obligation of[1] companies in the energy, communications, financial services and other critical infrastructure sectors to report a range of cyberattacks and ransomware payments. This broad-based federal cyber incident reporting requirement comes on the heels of cyber disclosure rules recently proposed by the Securities and Exchange Commission for public companies.[2]
by Lori E. Lesser, Nicholas S. Goldin, Vanessa K. Burrows, and Andrew M. Kofsky
Most companies must collect and use information about their employees’ travel plans and health conditions to protect their workforce from the spread of coronavirus disease 2019 (“COVID-19”). This memorandum addresses strategies for U.S. companies to comply with various privacy laws in connection with these activities.[1] Continue reading