OCCFDIC Final Rule for Banking Organizations Notification RequirementsOCC/FDIC Board Final Rule for Bank Organizations Notification Requirements
OCC/FDIC Board Final Rule for Bank Organizations Notification Requirements

OCC/FDIC Board Final Rule for Bank Organizations Notification Requirements

On November 18, 2021, the three primary banking regulatory agencies -- the Office of the Comptroller of the Currency (OCC), Treasury; the Board of Governors of the Federal Reserve System (Board); and the Federal Deposit Insurance Corporation (FDIC) – jointly approved a final rule with two distinct notification requirements
Florida Changes its Telemarketing LawsFlorida Imposes Stricter Restrictions for Telemarketers – Changes to the TCPA Landscape
Florida Imposes Stricter Restrictions for Telemarketers – Changes to the TCPA Landscape

Florida Imposes Stricter Restrictions for Telemarketers – Changes to the TCPA Landscape

Recently, the State of Florida amended its laws governing telemarketing that have a strong impact on telemarketing and text message marketing targeting Florida residents (and to Florida area codes). These include the amended Florida Do-Not-Call Act (Fla. Stat. Ann. § 501.059) and the Florida Telemarketing Act a/k/a Florida’s “Mini-TCPA” (Fla. Stat. Ann. 502.601, et seq.) (collectively “Florida Laws”).
What's next for UK Data Privacy?UK Decision Further Restricts Potential Class Privacy Actions and Sheds Light on Required Damages for Data Protection Claims
UK Decision Further Restricts Potential Class Privacy Actions and Sheds Light on Required Damages for Data Protection Claims

UK Decision Further Restricts Potential Class Privacy Actions and Sheds Light on Required Damages for Data Protection Claims

On November 10, 2021, a unanimous decision by the UK’s Supreme Court in Lloyd v. Google in favor of Google rejects an attempt to bring opt-out class action cases for data privacy claims in the UK.
New Federal COVID-19 Vaccination Policies Trigger Data Privacy ConsiderationsNew Federal COVID-19 Vaccination Policies Trigger Data Privacy Considerations
New Federal COVID-19 Vaccination Policies Trigger Data Privacy Considerations

New Federal COVID-19 Vaccination Policies Trigger Data Privacy Considerations

UPDATE:  On November 6th, the U.S. Court of Appeals for the Fifth Circuit issued a temporary stay of OSHA's latest vaccine rules in BST Holdings, L.L.C., et al. v. OSHA, noting that "there are grave statutory and constitutional issues with the Mandate." On November 12th, the Fifth Circuit issued an order in continuance of its November 6th stay, stating that enforcement of OSHA's latest vaccine rules "remains STAYED pending adequate judicial review of the petitioners' underlying motions for a permanent injunction." The Fifth Circuit further ordered "that OSHA take no steps to implement or enforce the Mandate until further court order."
Illinois Cannabis Compassionate Care ActIllinois Cannabis Dispensaries and Their Vendors Should Pay Close Attention to Upcoming Compliance Deadlines
Illinois Cannabis Dispensaries and Their Vendors Should Pay Close Attention to Upcoming Compliance Deadlines

Illinois Cannabis Dispensaries and Their Vendors Should Pay Close Attention to Upcoming Compliance Deadlines

The Illinois Department of Financial and Professional Regulation (IDFPR) recently provided guidance interpreting data privacy and security requirements in Illinois’ Compassionate Use of Medical Cannabis Program Act (A280). Specifically, IDFPR recently published an FAQ outlining its interpretation of, and deadlines associated with, the Act’s requirement that Illinois cannabis dispensaries comply with certain sections of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.
DOJ Cyber-Fraud InitiativeUnder New Cyber-Fraud Initiative, DOJ Will Sue Federal Contractors For Failure to Maintain Cybersecurity Standards and Report Incidents
Under New Cyber-Fraud Initiative, DOJ Will Sue Federal Contractors For Failure to Maintain Cybersecurity Standards and Report Incidents

Under New Cyber-Fraud Initiative, DOJ Will Sue Federal Contractors For Failure to Maintain Cybersecurity Standards and Report Incidents

The Department of Justice has announced a new “Civil Cyber-Fraud Initiative” in which the Department will pursue civil actions for damages against federal contractors that fail to maintain cybersecurity standards and fail to report cybersecurity incidents and breaches.
Québec's Bill 64Québec’s Bill 64 – What Businesses Need to Know Now
Québec’s Bill 64 – What Businesses Need to Know Now

Québec’s Bill 64 – What Businesses Need to Know Now

In Canada, recent efforts to enact federal reforms to private-sector data privacy laws have failed. However, businesses with ties to Canada should still be keeping a close eye on what is happening at the provincial level. On September 22, 2021, Québec’s An Act to modernize legislative provisions as regards the protection of personal information (Bill 64) received royal assent in the National Assembly of Québec. With broad implications and substantive provisions becoming effective in 2022, 2023, and 2024, private-sector businesses should take proactive steps to prepare for Québec’s new privacy law starting now.
Data Security and Privacy Due DiligenceData Security and Privacy Must Play a Part in M&A Due Diligence
Data Security and Privacy Must Play a Part in M&A Due Diligence

Data Security and Privacy Must Play a Part in M&A Due Diligence

In the past, entities engaged in M&A activity paid little attention to a target company’s data security & privacy (DSP) posture during due diligence. The acquiring companies learned that their failure to fully evaluate the target company’s DSP posture led to the target company inheriting more work than ever anticipated.
CaliforniaCalifornia Privacy Protection Agency: Updates on Rulemaking Timeline, Agency Staffing, and What Privacy Practitioners Can Expect in the Months to Come
California Privacy Protection Agency: Updates on Rulemaking Timeline, Agency Staffing, and What Privacy Practitioners Can Expect in the Months to Come

California Privacy Protection Agency: Updates on Rulemaking Timeline, Agency Staffing, and What Privacy Practitioners Can Expect in the Months to Come

On Tuesday, October 5th, Jennifer M. Urban, Board Chair of the newly formed California Privacy Protection Agency (CPPA), joined the Privacy Law Section of the California Lawyers Association for a fireside chat about CPRA rulemaking, agency staffing, and what privacy practitioners can expect in the months to come.
Cybersecurity AwarenessCybersecurity Awareness Month – 10 Tips for Improving Your Organization’s Cyber Hygiene
Cybersecurity Awareness Month – 10 Tips for Improving Your Organization’s Cyber Hygiene

Cybersecurity Awareness Month – 10 Tips for Improving Your Organization’s Cyber Hygiene

October is Cybersecurity Awareness Month - a month-long event with the goal of raising awareness of good cybersecurity practices.

As a law firm focused only on technology, data security, and privacy, Beckage is dedicated to helping organizations create robust cybersecurity programs that help prevent or lessen the impact of potential cyber attacks. This starts with helping organizations, and their employees understand the important role they play in protecting their systems and safeguarding data.

In recognition of this important educational opportunity, we have compiled some of our top cybersecurity tips to help your organization improve your cyber hygiene. Do your part, #BeCyberSmart!
BiometricsIllinois Appellate Court Finds that Statute of Limitations for BIPA Claims Could be as Much as Five Years, Adding to Already Considerable Class Action Exposure
Illinois Appellate Court Finds that Statute of Limitations for BIPA Claims Could be as Much as Five Years, Adding to Already Considerable Class Action Exposure

Illinois Appellate Court Finds that Statute of Limitations for BIPA Claims Could be as Much as Five Years, Adding to Already Considerable Class Action Exposure

On September 17, 2021, the First District of the Illinois Appellate Court issued the first appellate opinion regarding the applicable statute of limitations for claims arising under Illinois’ Biometric Information Privacy Act (“BIPA”).  In a mixed decision, the First District found that the limitations period could range from 1 year to as much as 5 years depending on the nature of the alleged violation at issue.