KMK Law Cybersecurity & Privacy Blog

The Year 2023 is shaping up to be the next big year in data privacy. With the enactment of the Consumer Data Protection Act (“CDPA”) on March 2, 2021, Virginia joined California as the second U.S. state to enact comprehensive data privacy rights legislation. Virginia’s CDPA comes on the heels of California’s passage of its California Privacy Rights Act (“CPRA”), which amends the infamous California Consumer Privacy Act (“CCPA”). Both Virginia’s CDPA and California’s CPRA take effect January 1, 2023.

In response to this news, you might first consider whether ...

Cybersecurity remains one of the top concerns of companies across the country, especially as companies continue to operate, or plan to operate again, in a remote work environment.  KMK Law is a proud sponsor of the NKU Cybersecurity Workshop Series, a premier event in the region.

Every month, we see a new set of privacy best practices or a new set of regulations proposed or adopted by a state, Congress, the White House, or countries around the globe. The versions of best practices continue to multiply and the layers of regulation continue to expand. Every new group or political entity wants to out-perform the last – but has this one-upmanship gone too far?

On November 2, 2018 Ohio’s new Data Protection Act went into effect.  The Ohio DPA creates a new statutory affirmative defense against data breach tort claims and identifies specific cybersecurity frameworks that are now presumptively reasonable.  KMK Law  and Gratia, Inc. partnered together to discuss the impact of Ohio DPA on businesses, the steps companies need to take as a result, and what this “safe harbor” really means. 

September 2018 was a busy month for data privacy. We expect the next several months to be extremely active as well, especially with the number of new complaints and data breach notices filed in Europe since May. We will continue to monitor and update developments as the data privacy framework continues to evolve.

Two decisions last week further widened the divide among the Courts of Appeals in applying Spokeo in cybersecurity litigation.

The U.S. Computer Emergency Readiness Team (US-CERT) is implementing new reporting requirements beginning April 1, 2017, and just released new guidelines to help federal departments and agencies; state, local, tribal, and territorial government entities; information sharing and analysis organizations; and foreign, commercial and private-sector organizations submit incident notifications to the federal government.