Stacey A. Shadden

McGrath North is honored to announce that 20 of its lawyers have been recognized as Great Plains Super Lawyers and Rising Stars in the 2022 Super Lawyers Ranking list. These lawyers practice in the core specialty areas critical to serving the firm’s clients across the country and help fulfill our commitment to focus first and always on client success.  

On December 6, 2022, McGrath North held its Privacy & Data Protection Summit at the Scott Conference Center in Omaha, Nebraska. The over 100 attendees from almost 70 companies at the half-day event had the opportunity to hear speakers and panelists, including guest experts from the industry, share insights on key topics including:  

The California Privacy Protection Agency (Agency) has released its long-awaited draft rules on automated decision-making technologies. The draft rules outline how businesses using these systems must provide notice to consumers, provide an opt-out option to consumers, and give consumers access to details on the outputs of the automated decision-making technologies.  

On November 1, 2023, New York Governor Hochul announced updates to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation. These updates follow the NYDFS’s proposed Second Amendment to its Cybersecurity Regulation to strengthen the initial regulations and to protect cybersecurity programs from potential threats.  

2023 has already become a landmark year for data privacy developments. On January 1 of this year, the California Privacy Rights Act and the Virginia Consumer Data Protection Act entered into force. Additionally, the Human Resources (HR) and Business-to-Business (B2B) exemptions under California law expired on January 1, which has drastically shifted businesses’ obligations in the state. Other states have also gotten in on the action, with Iowa passing a comprehensive privacy law, set to go into effect in 2025. Before that, however, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act will all enter into force before the end of this calendar year.  

On March 28, 2023, Iowa Governor Kim Reynolds signed the sixth state comprehensive privacy statute into law. Iowa now joins California, Connecticut, Virginia, Utah and Colorado in the group of ever-expanding states that have enacted such laws. Iowa’s law is similar to both the California Privacy Rights Act (“CPRA”) and the Utah Consumer Privacy Act (“UCPA”), although CPRA continues to have a broader reach than that of Iowa’s new law.  

Data protection certifications are a great way to give your organization an edge against your competitors when it comes to scoring new clients and proving up your data privacy and security compliance. However, understanding all the different certifications available and which certifications will provide the most value for organization can be tricky. This month, Stacey Shadden and Caroline Pieper discuss the most common types of certifications and how they can be beneficial for your organization as you consider getting certified!  

This month’s episode of Privacy is Power focuses on the importance of employee privacy and security training. Reports show that as many as 90% of breaches start from social engineering or phishing attacks that an organization’s technical security solutions can’t protect against. Training an organization’s workforce who handle sensitive data will have an immediate impact on an organization’s level of data security, and not properly training the workforce can be costly and detrimental. Don’t trust that employees know how to properly protect data or implement proper procedure, reach out to McGrath North’s Privacy and Cybersecurity team today to create a tailored training guide to efficiently ensure employees know proper protocol.