Proposed Rulemaking to COPPA **Attorney Advertising: Prior results do not guarantee future outcomes** “On December 20, 2023, the Federal Trade Commission (“FTC”) issued a Notice of Proposed Rulemaking to the Children’s Online Privacy Protection Rule (“COPPA”) to place new restrictions on the use and disclosure of children’s personal information, attempting to shift the burden from … Continued

By: Juliana Cipolla The Payment Card Industry (PCI) Data Security Standards (DSS) is a global card brand requirement designed to prevent fraud through the increased control of credit card data. While the PCI DSS has no legal authority to compel compliance, it becomes binding when inserted into merchant card processing contracts used by Visa, Mastercard, … Continued

By: Juliana Cipolla On May 1, 2023, Indiana became the seventh state to enact a comprehensive data privacy law. Indiana Governor Eric Holcomb signed Senate Bill 5, known as the Indiana Consumer Data Protection Act (“INCDPA”), following the footsteps of previous state privacy laws, going into effect January 1, 2026. The law applies to entities … Continued

By: Scott M. Lupiani, EQ.,Member It is well known that the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security regulations have limitations on their reach. One such limitation is that HIPAA only applies to covered entities and their business associates, not health data in general. To address this issue, Washington’s legislature passed House … Continued

Proposed Second Amendment to 23 NYCRR Part 500 **Attorney Advertising** The Department of Financial Services released their Proposed Second Amendment to the Cybersecurity Regulation, 23 NYCRR Part 500. This amendment requires Class A Companies to implement additional cybersecurity controls, such as independent audits or their cybersecurity programs at least annually, monitoring privileged access activity, and … Continued

**Attorney Advertisement** On February 1, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action for the first time under its Health Breach Notification Rule against the telehealth ad prescription drug discount provider GoodRx Holdings Inc. (“GoodRx”). The FTC’s Health Breach Notification Rule requires vendors of personal health records and related entities not covered by … Continued

*The complaint filed contains alleged conduct. Admissible evidence is required to prove allegations. Written By: Scott Michael Lupiani, Esq. **Attorney Advertisement** Jaqueline Husky, on behalf of herself and all others similarly situated filed suit against State Farm Fire & Casualty Company, U.S. District Court, Northern District of Illinois, Case No. 22-cv-7014, dated December 14, 2022, … Continued

Post Dobbs, organizations are taking a closer look at their geolocation practices, data that they receive from third parties, including data brokers, and their operational practices. To further complicate this review, the FTC has shined a light on the issue with its recently filed suit against Kochava, who is in the data broker industry. This … Continued

NEW YORK, September 22, 2022 The Beckage Firm PLLC, a women-owned, boutique data security and privacy law firm has partnered with the Spencer Educational Foundation to provide a scholarship to undergraduate students pursuing a career in risk management who self -identify with a traditionally underrepresented race/ethnicity or as female. “At The Beckage Firm our missions … Continued