While it is important for every company to limit access to its data and network with strong passwords, for some sensitive data, traditional passwords aren’t secure enough anymore. Hackers have developed countless tried and tested methods of stealing credentials and gaining unauthorized access to private accounts. But strong passwords are not the only readily available security option. In a report published by Microsoft this year, it revealed that 99.9% of the account compromise incidents they deal with could have been blocked by a multi-factor authentication (MFA) solution. For this reason, your business should adopt MFA solutions to protect its most sensitive data.

On September 21, 2021, U.S. Federal Trade Commissioner Christine Wilson provided keynote remarks at the Duke University Sanford School of Public Policy’s Robert R. Wilson Distinguished Lecture Series regarding some of the major issues lawmakers must confront to pass federal privacy legislation. Commissioner Wilson, a Trump-appointee, argued that comprehensive federal privacy legislation is the right approach because there is an information asymmetry between consumers and businesses that results in a market failure and because federal legislation will create a more consistent legal landscape for businesses.

This month, the Biden Administration announced that it has directed the Department of Labor’s Occupational Safety and Health Administration (OSHA) to issue Emergency Temporary Standards requiring that employers with 100 or more employees mandate that employees be fully vaccinated for COVID-19 or test on a weekly basis for COVID. OSHA has not yet released these Temporary Standards, but the news has already raised important questions for employers, including how to handle employee medical information. This article reviews the state of the law with respect to employee health information and makes recommendations regarding what every employer should do now to prepare for the new Temporary Standards.

On September 10, 2021, the last day of the 2021 legislative session, the California State Assembly unanimously passed Senate Bill 41, titled the Genetic Information Privacy Act. The bill will go before Governor Gavin Newsom and must receive his approval over the next 30 days to become law.

Passwords are ubiquitous. We use them to access everything from our bank accounts and sensitive business documents, to our social media and online memberships. The most secure passwords are a series of random numbers, letters, and characters. Using these types of passwords can present practical challenges, though, because they are easily forgotten and difficult to enter correctly. Further, because passwords are such a common part of our lives, we can too easily fall into bad habits that put business or personal information at risk.

If you’ve ever felt uneasy about providing so much personal information to your phone apps, a $58 million settlement by Plaid Inc. this month makes clear those concerns are well founded.

The California Consumer Privacy Act (CCPA) is in a state of flux, with a new Attorney General enforcing its provisions and a new agency created by proposition, the California Privacy Protection Agency (CPPA) setting up to take over and implement substantive changes also passed by proposition. With these circumstances, observers may see 2020, the first year of CCPA enforcement as relatively unimportant. However, the new California Attorney General, Rob Bonta, held a press conference in July to tout the effectiveness of the law and unveil a reporting tool for consumers. This article looks at some of his more important comments and predicts what this could mean for the future of consumer privacy in California.

The Biden administration is eager to see a bill passed that deters the payout of ransoms to cybercriminals, and while the ultimate goal is to disincentivize these attacks, it could have serious implications for companies likely to be targeted.

Recent announcements from Apple and Google are forcing companies that advertise using third-party cookies to reconsider their plans. This year Apple banned the use of unauthorized third-party cookies on Safari, its internet browser. Google announced this year that it will follow suit, banning these cookies from its web browser Chrome, by 2022.

There are many reasons why employers may want or need to know whether their employees have been vaccinated against COVID-19: the safety of staff and customers, a desire to modify mask rules, or even legal mandates. As a general rule, employers may ask employees for proof that they have received a COVID vaccination, but there are several factors that should be considered if and when doing so. These include ensuring the questions are asked correctly, that privacy measures are in place, and that employee information is safeguarded.