On January 20, 2025, President Donald Trump signed an executive order rescinding the 2023 directive issued by former President Joe Biden on artificial intelligence (AI). Biden’s order outlined extensive measures aimed at...more
1/22/2025
/ Artificial Intelligence ,
Compliance ,
Corporate Governance ,
Data Privacy ,
Data Protection ,
Ethics ,
Executive Orders ,
Policies and Procedures ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management ,
Technology
Fiduciaries should be aware of recent developments involving AI, including emerging and recent state law changes, increased state and federal government interest in regulating AI, and the role of AI in ERISA litigation. While...more
1/16/2025
/ Anti-Discrimination Policies ,
Artificial Intelligence ,
Compliance ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Employee Training ,
Equal Employment Opportunity Commission (EEOC) ,
Fiduciary Duty ,
Health and Welfare Plans ,
Healthcare ,
OCR ,
Regulatory Requirements ,
Risk Management
Insights for this month’s article are provided by ARDA members Gregory Szewczyk, partner at Ballard Spahr Practice Leader of the firm’s Privacy and Data Security Group, and Aaron Tantleff, partner in Foley & Lardner’s...more
7/24/2024
/ Artificial Intelligence ,
Blockchain ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Compliance ,
COPPA ,
Damages ,
Data Privacy ,
Data Security ,
Documentation ,
Employee Training ,
Environmental Social & Governance (ESG) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Machine Learning ,
Policies and Procedures ,
Popular ,
Private Right of Action ,
State Privacy Laws
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On March 9, 2022, the U.S. Securities Exchange Commission (the Commission) announced proposed amendments to its rules regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies...more
3/18/2022
/ Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
Foreign Private Issuers ,
Investors ,
Popular ,
Proposed Amendments ,
Risk Assessment ,
Risk Factors ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
While the world anxiously awaited the results of the November 2020 U.S. federal elections, California silently passed California Proposition 24, the California Privacy Rights Act (CPRA). Labeled on the ballot simply as...more
11/13/2020
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Mapping ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Safe Harbors ,
Sensitive Personal Information
On March 19, 2020, the European Data Protection Board (EDPB) adopted a statement on the processing of personal data in the context of the COVID-19 outbreak. The EDPB made it clear that while the EU’s General Data Protection...more
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
4/9/2020
/ Business Interruption ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Regulatory Standards ,
Remote Working ,
Small Business ,
State of Emergency
...On April 4, 2019, California Assembly Member Wicks proposed sweeping changes to bill AB 1760, effectively repealing the California Consumer Privacy Act of 2018 (CCPA) and replacing it with the Privacy for All Act of 2019...more
4/11/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Disclosure Requirements ,
Opt-In ,
Personal Data ,
Private Right of Action ,
Proposed Amendments ,
Regulatory Oversight ,
Right to Be Forgotten ,
Third-Party Service Provider
On January 25, 2019, the Illinois Supreme Court handed down a key ruling that will make it significantly easier for consumers and workers to sue and recover damages for mere non-compliance with the requirements of the state’s...more
Enacted in 2008, Illinois’ Biometric Information Privacy Act (740 ILCS 14/1 or BIPA), generally requires companies to obtain a person’s consent before collecting, capturing, or purchasing a person’s “biometric identifier” or...more
On October 6, 2015, the European Court of Justice — Europe’s highest court — invalidated the Safe Harbor agreement and framework that has permitted more than 4,000 companies to transfer personal data from the EU to the U.S....more
10/7/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Prior Express Consent ,
PRISM Program ,
SCC ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework