Since the passage of the California Consumer Privacy Act (CCPA) in 2018, other U.S. states have followed suit by enacting comprehensive consumer data privacy laws in rapid succession. While these state consumer privacy laws...more
Given the inability of the U.S. Congress to pass a comprehensive privacy law (such as the proposed and likely dead-on-arrival APRA), the United States continues to be left with a patchwork of sector-specific laws and a...more
7/19/2024
/ Chevron Deference ,
Chevron v NRDC ,
COPPA ,
FCC ,
Federal Trade Commission (FTC) ,
OCR ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
SCOTUS ,
Securities and Exchange Commission (SEC) ,
Statutory Interpretation ,
TCPA ,
Technology
Danielle Ocampo, a member of the CLA’s Law Section, interviewed Steve Millendorf (Partner, San Diego) to gain a deeper understanding of how California is approaching and implementing the EU AI Act.
How do the principles...more
Whether the game is football, baseball, hockey, or Indy Car racing, no team goes into their major championship matchup without training. Companies need to train as well if they intend to operate on the internet and expect to...more
6/14/2024
/ Breach Notification Rule ,
Critical Infrastructure Sectors ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
EU ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Intellectual Property Protection ,
NIST ,
Personal Information ,
Privacy Laws ,
Reporting Requirements ,
Software ,
Supply Chain ,
Third-Party Risk
On Friday, May 17, 2024 Colorado Governor Jared Polis signed SB205 (Consumer Protections for Interactions with Artificial Intelligence) into law with an effective date of February 1, 2026.
Unlike the artificial...more
5/30/2024
/ Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Colorado ,
Consumer Protection Laws ,
Disclosure Requirements ,
Enforcement ,
New Legislation ,
NIST ,
Policies and Procedures ,
Public Information ,
Risk Management
On January 29 the California legislature introduced the California Children’s Data Privacy Act (AB 1949) in what appears to be the first bill proposed to amend the California Consumer Privacy Act (CCPA) since passage of...more
On October 30, 2023, President Biden signed the 53-page Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence that significantly advances the United States' policy framework...more
11/17/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Equity ,
Executive Orders ,
Innovative Technology ,
Machine Learning ,
National Security ,
OMB ,
Popular ,
Regulatory Agenda ,
Regulatory Oversight
On September 15, 2022 California Governor Gavin Newsom signed the California Age-Appropriate Design Code Act (CAADCA) into law. The CAADCA takes effect July 1, 2024, and brings vast changes to the online compliance landscape...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On June 18, 2023, Texas Governor Greg Abbott signed H.B. 4, otherwise known as the Texas Data Privacy and Security Act (TDPSA). Following substantive legislative action in Tennessee, Montana, and Indiana, Texas now becomes...more
7/19/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection Acts ,
Data Security ,
Governor Abbott ,
New Legislation ,
New Regulations ,
Regulatory Agenda ,
Regulatory Reform ,
State and Local Government ,
State Data Privacy Laws ,
State Privacy Laws ,
Texas
Following a California Chamber of Commerce lawsuit, a Superior Court of California judge has delayed enforcement of the California Privacy Rights Act (CPRA) regulations until March 29, 2024. The suit argued that California...more
As we previously discussed, earlier this year the National Institute of Standards and Technology (NIST) launched the Trustworthy and Responsible AI Resource Center. Included in the AI Resource Center is NIST’s AI Risk...more
7/6/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Hardware ,
Information Governance ,
Machine Learning ,
NIST ,
Raw Data Metrics ,
Reliability Standards ,
Risk Management ,
Safety Standards ,
Software ,
Third-Party ,
Transparency ,
Validation and Re-Validation Requirements
On Wednesday, June 21, Senator Chuck Schumer announced a proposal to develop legislation to both regulate and promote work in artificial intelligence. The announcement was made during his speech at the Center for Strategic &...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On Thursday, March 30, 2023, the National Institute of Standards and Technology (NIST) launched its Trustworthy and Responsible Artificial Intelligence Resource Center (AIRC). This online resource is a one-stop-shop for NIST...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
California’s Consumer Privacy Rights Act of 2020 (CPRA) purports to shield small and not-for-profit organizations from the scope of the act. Indeed, the CPRA’s definition of a “business” under California Civil Code...more
On July 7, 2021, Colorado enacted the Colorado Privacy Act (CPA), becoming the third U.S. state to adopt a comprehensive privacy law. As previously described, the CPA doesn’t apply to everyone. Instead, it only applies to...more
11/11/2022
/ California Privacy Rights Act (CPRA) ,
Colorado ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Rulemaking Process ,
Shareholders ,
State Attorneys General ,
State Privacy Laws
As the California Privacy Rights Act (CPRA) comes into effect on January 1, 2023, the temporary and partial exceptions for employment and business-to-business information will expire, making California the first and only...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On August 24, 2022, California Attorney General Rob Bonta announced a settlement with Sephora, Inc. that included a fine of $1.2 million for alleged violations of the California Consumer Privacy Act (CCPA). The settlement is...more
8/26/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Customer-Loyalty Programs ,
Data Collection ,
Data Sellers ,
Do Not Sell ,
Enforcement Actions ,
Opt-Outs ,
Personal Information ,
State Attorneys General
On July 6, 2022, the heads of the U.S. Federal Bureau of Investigation (FBI) and the British MI5 law enforcement agencies issued an unprecedented joint statement warning about espionage and other economic threats from China....more
7/12/2022
/ Audits ,
China ,
Corporate Counsel ,
Cybersecurity ,
Enforcement Actions ,
FBI ,
NIST ,
Policies and Procedures ,
Popular ,
Supply Chain ,
UK
The California Privacy Protection Agency (CPPA) quietly issued the first draft of the California Consumer Privacy Act (CPRA) regulations and an Initial Statement of Reasons by attaching them to the June 8 board meeting...more
On May 4, 2022, the Connecticut legislature passed S.B. 6 entitled the “Connecticut Data Privacy Act” (CDPA) with the bill now moving to Governor Ned Lamont’s desk for signature. Although Governor Lamont is generally expected...more
5/6/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Connecticut ,
Data Privacy ,
Data Security ,
DPPA ,
Enforcement ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Personal Data ,
Right-To-Access ,
Securities Exchange Act of 1934 ,
Sensitive Personal Information ,
State Data Privacy Laws
On March 21, 2022, President Biden issued a statement reiterating warnings that Russia is “exploring” options for potential cyberattacks against the United States in retaliation for sanctions against Russia for its invasion...more