Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Florida’s Digital Bill of Rights Joins the Regulatory Framework
The proliferation of data breaches and increased sophistication of criminal attack vectors has led more states to enact their own reasonable security provisions as part of the patchwork quilt of privacy laws. Nineteen of the U.S. states which have enacted comprehensive privacy laws along with Florida’s Digital Bill of Rights (which took effect summer 2024) have provisions requiring controllers and businesses to establish, implement and maintain reasonable administrative, technical and physical data security practices to protect the confidentiality, integrity and accessibility of personal data. Adding to the risk post data breach of the enforcement of reasonable security provisions on the state level is also increased federal enforcement actions in an attempt to apply pressure companies to take more care on how they secure and disseminate consumer data. Companies should be aware of the varying applicable regulatory frameworks required to protect consumer data and avoid additional penalties and liabilities under the growing number of data security enforcers.
The Federal Trade Commission 2023 Privacy and Data Security Update publication released on March 28, 2024, demonstrated that the FTC filed 89 data security cases through 2023. In one of its enforcement actions for 2024, the FTC required a smaller company to reimburse consumers more than $370,000 stemming from inadequate data security measures that led to multiple data breaches over the course of several years. The corresponding orders for data security breaches levied by the FTC uniformly require organizations to perform data minimization, delete personal data that is no longer has a business justification to maintain; and develop a comprehensive information security program while certifying compliance to the agency for a set period of time, along with ongoing compliance review. The FTC’s data minimization requirements dictate companies must implement policies to retain personal information for only as long as is reasonably necessary to fulfill the business purpose for which the information was collected and specify the specific business need for retaining it. In addition, many of states with comprehensive privacy laws going into effect in 2025 have similar data minimization processes that should be in place.
The obligations companies have for data security was best expressed by the FTC’s Bureau of Consumer Protection, “ … shoddy security and data retention practices allowed a hacker to obtain sensitive personal data about millions of consumers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Companies have a responsibility to secure data they maintain and to delete data they no longer need.”
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
Role and Responsibilities of Practice Group Leaders
Ideally, the objective of defining the role and responsibilities of Practice Group Leaders should be to establish just enough structure and accountability within their respective practice group to maximize the economic potential of the firm, while institutionalizing the principles of leadership and teamwork.
Removing Restrictive Covenants In New York
In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?