Latham & Watkins Discusses Virginia Consumer Data Protection Act

On March 2, 2021, Virginia Governor Ralph Northam signed comprehensive state privacy legislation titled the Consumer Data Protection Act (CDPA). Previously, the Virginia Senate unanimously passed the bill on February 5, 2021, and the Virginia House of Delegates followed suit in a special legislative session on February 18, 2021. The law will take effect on January 1, 2023. This post addresses some key provisions.CDPA


The CDPA will apply to businesses that conduct or process personal data of at least 100,000 consumers or businesses that control or process personal data of at least 25,000 consumers and derive over 50% of … Read more

Latham & Watkins Discusses How Healthcare Firms Can Prepare for the Next Cyberattack

On June 2, 2017, in the wake of the widespread cyberattack caused by the WannaCry ransomware cryptoworm, the US Department of Health & Human Services (HHS), Office for Civil Rights (OCR) added to its arsenal of cybersecurity guidance a checklist to assist HIPAA Covered Entities and Business Associates in responding to cyber-related security incidents (the Cybersecurity Checklist).1 The Cybersecurity Checklist focuses on entities’ execution of their incident response plans as well as external reporting obligations, and encourages entities to perform certain mitigating efforts, including sharing information with private-sector information-sharing and analysis organizations (ISAOs). In addition, recent OCR enforcement matters … Read more