SAI Global Compliance

Lisa J. Sotto
Hunton & Williams


Ms. Sotto is a partner in the New York City office of Hunton & Williams. She concentrates her practice on privacy and information management issues. She assists clients in identifying, evaluating and managing risks associated with privacy and information security practices of companies and third parties and conducts all phases of privacy and data protection assessments and information security audits. She further advises clients on the Gramm-Leach-Bliley Act, HIPAA, COPPA, CAN-SPAM and other U.S. state and federal privacy requirements (including HR requirements); the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA); and global data protection laws (including those in the EU and Latin America).


Lisa J. Sotto's Archive

Nevada and New Hampshire Data Security and Privacy Laws Take Effect

Jan 29, 2010

On January 1, 2010, two important state data security and privacy laws took effect in Nevada and New Hampshire. The laws create new obligations for most companies that do business in Nevada and for health care providers and business associates in New Hampshire.

Nevada’s law requires “data collectors,” including government agencies and businesses, that accept payment cards and are “doing business” in Nevada to comply with the Payment Card Industry Data Security Standard (“PCI DSS”). Nevada now becomes the only state to require compliance with PCI DSS in its entirety.


Massachusetts Revises Information Security Regulations and Extends Compliance Deadline

Mar 27, 2009

Several states now require businesses that maintain personal information to implement data security measures. Massachusetts has been especially active in this area. Last fall, that state issued regulations requiring any person who holds personal information about Massachusetts residents to develop and implement a comprehensive, written information security program to protect the data. The compliance deadline, originally January 1, 2009, was later extended to May 1, 2009 and has now been pushed back further to January 1, 2010 in consideration of the economic climate.

In addition to extending the compliance deadline, Massachusetts has made substantive changes to the requirements.


Economic Stimulus Law’s Far-Reaching Data Breach Notification Obligations Amend HIPAA

Feb 06, 2009

The economic stimulus legislation, known as the American Recovery and Reinvestment Act (“ARRA”), is set to have a significant impact on organizations’ handling of personal data security breach notifications in the health care context – and beyond.

Provisions of ARRA require certain entities to notify affected individuals, government agencies and the media of breaches of “unsecured protected health information.”
