Privacy & Cybersecurity Newsletter

Locke Lord’s Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

In This Issue

Data Minimization Under the CCPA
The California Consumer Privacy Act of 2018 as initially adopted (or subsequently amended until 2020) did not contain the principle of data minimization. A requirement to minimize data collection was, however, added by the amendments effected by the California Privacy Rights Act of 2020 (the “CPRA”). read more

Texas and Oregon Data Privacy Laws: Applicability Concerns and Enforcement
Two state privacy laws that pose unique applicability concerns went into effect July 1, 2024: the Oregon Consumer Privacy Act (the “OCPA”) and the Texas Data Privacy and Security Act (the “TDPSA”). Generally following the Virginia model, both the Texas and Oregon laws include important nuances that businesses will have to comply with. read more

HIPAA Data Management Requirements for Electronic Protected Health Information
While all companies must take measures to safeguard the privacy and integrity of their electronic data, covered entities and their business associates subject to the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) must take specialized care to comply with HIPAA’s data management rules found in the HIPAA Privacy and Security Rules. read more

Cybersecurity Safe Harbors – One Step Forward and Two Steps Back
Cyberattacks continue to increase in number and severity. This increase has amplified the need for legislation to protect both businesses and consumers. In previous articles, we discussed the few states that enacted “safe harbor” laws companies can leverage to reduce litigation exposure. The trend continues, but with some recent and notable pushback. read more

Spoliation: When the Duty to Preserve Data Outweighs the Obligation to Delete
Implementing and enforcing appropriate legal holds is essential to preventing the destruction of data related to current or anticipated litigation and avoiding inadvertent spoliation claims. Depending on the nature of the lawsuit, this typically involves issuing systematic and individual custodial holds and ensuring that relevant data across multiple platforms is preserved. read more 

Welcome New Privacy & Cybersecurity Partner Jim Shreve
Resident in Locke Lord’s Chicago office, Jim Shreve is a trusted adviser to clients facing complex cybersecurity and privacy issues, particularly those in the country’s most highly regulated industries. His experience guiding clients through challenging privacy and cybersecurity issues and thousands of data security incidents, coupled with his deep understanding of the regulatory environment for privacy and security specific to financial services and fintech, securities and other industries, make Jim an invaluable addition to the team.