Get updates by email

Select Specific Blog Updates

Paul Zimmerman
pzimmerman@mrllp.com
310.299.5500

Showing 13 posts by Scott T. Lyon.

Photo of M&R Blog

Madelyn M. Polzin ©

Amendments Bring New Clarity to CCPA Scope in Advance of 2020 Deadline

In the rush to pass AB-375 (the California Consumer Privacy Act (CCPA)) before the 2018 deadline to withdraw the looming ballot initiative, it was clear that amendments would be necessary.  Mere months after its passage, SB-1121 was passed to clean up technical and grammatical errors, but the more substantial revisions were anticipated this year.  In tracking those amendments, businesses have gained clarity on their 2020 compliance obligations. (Read More)

Photo of M&R Blog

Madelyn M. Polzin ©

Oh, Say Can You CCPA


Does your company collect personal information on California residents and meet ANY of the following criteria?

1. Annual gross revenue in excess of $25 million.

2. Individually, or combined with affiliates, buys, sells, or shares the personal information of 50,000 or more consumers, households, or devices.

3. Derives 50% or more of its annual revenue from the sale of consumers’ personal information.

If so, say hello to the California Consumer Privacy Act – considered to be the strictest data privacy law in the United States – which you will be subject to beginning on January 1, 2020. (Read More)

Photo of M&R Blog

Illia Uriadnikov © 123RF.com

California's Consumer Privacy Act: The Public Has Spoken

Last June, the California Consumer Privacy Act – which is considered to be the strictest data privacy law in the United States – was signed into law. Among other things, the CCPA gives Californians the right to know what personal information (PI) is being collected about them, whether their PI is being sold and to whom, the right to access their PI, the right to delete PI collected from them, and the right to opt-out to the sale of their PI. (Read More)

Photo of M&R Blog

tswedensky © pixabay.com

Denial of a NotPetya-Related Claim Shakes the Cyber Insurance World

In late June 2017, a cyber worm dubbed “NotPetya" successfully locked up networks across the globe. Infected computers displayed onscreen messages demanding $300 in Bitcoin (digital ransom) in exchange for a decryption key allowing owners to regain access. The scale of the cyber attack was enormous. From the Ukraine to the U.S., banking, oil, electric, shipping and pharmaceutical operations, among many others, were impacted. One of the companies hit by the malware – food giant Mondelez International. The incident reportedly cost it upwards of $100 million to clean up. (Read More)

Photo of M&R Blog

loops7 © istockphoto.com

Cybersecurity in Health Care: The DHHS Has Spoken

We live in an age of cyber threats and crime, and no industry is immune to data breach. Unfortunately, based on the volume of personal information collected and processed in order to provide health care and insurance benefits, the medical profession is one of those most frequently targeted by cybercriminals. And while the HIPPA (Health Insurance Portability and Accountability Act of 1996) Security Rule requires appropriate safeguards to ensure the confidentiality, integrity and security of individuals’ electronic personal health information, some health care providers struggle to implement and comply with its requirements. The Department of Health and Human Services has partnered with leaders in the health care space to help with that. (Read More)

Photo of M&R Blog

xresch © pixabay

New Year's (Cybersecurity) Resolutions

With 2018 now in the rear view mirror, many of us approach the new year looking to reassess and focus on ways to improve ourselves. The same can be said for businesses, which could certainly benefit by bolstering their cybersecurity and data privacy practices. With that said, here are a few cybersecurity tips to focus on in 2019. (Read More)

Photo of M&R Blog

Wavebreak Media Ltd © 123RF.com

The GDPR Comes to the Golden State

California has hopped on the General Data Protection Regulation (GDPR) bandwagon with the California Consumer Privacy Act just signed into law by Governor Jerry Brown. The new data privacy law – which was unanimously approved by the state legislature and is the strictest in the U.S. – is GDPR-like to the extent it allows consumers to control how their personal data is collected, processed and shared. (Read More)

Photo of M&R Blog

rawpixel © 123RF.com

Cybersecurity Rules May Be Coming to a State Near You: South Carolina Enacts NAIC’s Model Law

In the wake of cybersecurity requirements for financial services companies that were issued by the New York Department of Financial Services and went into effect on March 1, 2017 (codified at 23 NYCRR §500), the National Association of Insurance Commissioners (NAIC) adopted a similar Insurance Data Security Model Law.

Because the NAIC rules are simply a template for legislation, for now only insurance and insurance-related companies as well as brokers, agents and adjusters licensed to transact business in New York are bound by cyber regulations earmarked for the insurance industry – regulations that require the assessment of specific cyber risk profiles and design of cybersecurity programs that address such risk in a robust fashion. But New York’s membership in this exclusive club will be short-lived. And that is because on May 14, 2018, South Carolina became the first state in the nation to enact the model law promulgated by the NAIC. (Read More)

Photo of M&R Blog

Günter Menzl © 123RF.com

Digital Switzerland

Microsoft President Brad Smith is the force behind an admirable initiative – the Cybersecurity Tech Accord. By way of the Accord, participants seek to create a “digital Switzerland” made up of some of the leading tech companies in the world. Signatories to the Accord – to date, there are 34 in all, including ABB Group, Arm, Cisco, Facebook, Hewlett Packard, Microsoft, Nokia, Oracle, and Trend Micro – promise, among other things, not to aid or abet any government in committing cyberattacks against innocent civilians or enterprises and, at the same time, to protect victims of cyber crime. (Read More)

Photo of M&R Blog

Ivan Trifonenko © 123RF

Forecast for Overseas Data: Partly Cloudy

The CLOUD Act was passed as part of the omnibus budget bill signed into law on March 23, 2018, in an attempt to resolve an impediment to law enforcement’s ability to enforce warrants against tech companies based in the U.S. but storing data overseas. (Read More)