The Colorado Attorney General's Office released the final version of its rules implementing the Colorado Privacy Act (CPA) on March 15. The CPA was enacted on July 7, 2021 and the first draft of the implementing rules were...more
The U.S. Securities and Exchange Commission ("SEC" or the "Commission") has ordered Blackbaud, Inc. ("Blackbaud") to pay $3 million to resolve claims that it made materially misleading statements about a 2020 ransomware...more
3/16/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Hackers ,
Misleading Statements ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
Securities Violations
On December 21, 2023, the Colorado Attorney General released a second draft of the Colorado Privacy Act Rules, revising the previous draft of the proposed rules. Our analysis of the first draft of the rules can be found here....more
In a significant move toward replacing the invalidated Privacy Shield, the European Commission (EC) released a draft Adequacy Decision on December 13, 2022, concluding that the U.S. legal framework provides an adequate level...more
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...more
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...more
October was a busy month in New York for cybersecurity enforcement. In addition to a $4.5 million settlement between the New York Department of Financial Services and EyeMed Vision Care (discussed in a forthcoming blog post),...more
In March 2022, the US and EU announced they had agreed in principle to a new Trans-Atlantic Data Privacy Framework (Framework) intended to simplify transfers of personal information. After months of waiting for the final...more
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post, was enacted on July 7,...more
The Federal Trade Commission has formally launched a rulemaking proceeding that nominally is focused on consumer privacy issues, but actually raises significant questions about the impact of artificial intelligence/machine...more
On May 25, 2022, the European Commission announced the release of a new guidance document relating to standard contractual clauses (SCCs) and international data transfers. The guidance is included in a series of questions and...more
The California Privacy Protection Agency Board (the "CPPA Board") announced on May 27, 2022, that it would hold a public meeting on June 8 to discuss, among other things, a set of detailed proposed regulations to "Implement,...more
6/6/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Proposed Regulation ,
State Privacy Laws