Once upon a time, Larry Page said “you can’t have privacy without security.” California clearly agrees and may test the sincerity of Mr. Page and other tech leaders innovating in the field of connected devices with new legislation signed by Governor Brown in September.

With the ink barely dry on the infamous California Consumer Privacy Act (the CCPA)—a first-of-its-kind data privacy bill in the United States—Brown signed a new Internet of Things cybersecurity bill into law, SB 327. Perhaps not so coincidentally, both laws will take effect on January 1, 2020, marking a substantial compliance deadline for technology companies big and small.

Continue Reading Your Vacuum Cleaner, Your Coffee Maker, and Your Baby Monitor May Be Watching You, So They Better Be Secure: California Passes New Connected Device Cybersecurity Law

On October 25, 2016, the Federal Trade Commission (FTC) issued a guide — Data Breach Response: A Guide for Business — on steps companies should take in responding to a data breach. This latest regulatory guidance at the federal level is only the most recent in a long list of resources with which companies that deal in data (yes, that means every company) are expected to acquaint themselves for purposes of their incident response preparedness efforts. Those resources include, but are not limited to, the 47 state breach notification laws (constantly subject to amendment) and related State Attorney General guidance, the Health Insurance Portability and Accountability Act (HIPAA), and FTC consent decrees entered into with organizations that have been the victims of a data security breach and with respect to which the FTC has brought an enforcement action under its Section 5 authority.

Continue Reading Latest on the FTC Data Security Front