On September 11, 2023, Delaware Governor John Carney signed into law House Bill No. 154 ("Delaware Personal Data Privacy Act"), Delaware's new state consumer privacy law, which will become effective January 1, 2025. Delaware...more
9/18/2023
/ Consumer Privacy Rights ,
Delaware ,
Enforcement ,
FERPA ,
Governor Carney ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Investigations ,
Opt-Outs ,
Personal Data ,
State Privacy Laws
The California Attorney General's (the "Cal AG") office appears to be moving forward with enforcement activities, despite a recent court ruling delaying enforcement of CPRA regulations. In the past month, since the amendments...more
8/16/2023
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Employees ,
Employer Liability Issues ,
Employment Policies ,
Enforcement Actions ,
Hiring & Firing ,
Mobile Apps ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Regulatory Agenda ,
State Privacy Laws
The United States ("U.S.") and the European Union ("EU") have settled on a framework for transfers of personal data for the first time since the European Court of Justice ("CJEU") effectively invalidate the EU-U.S. Privacy...more
8/2/2023
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
International Data Transfers ,
National Security ,
Personal Data ,
U.S. Commerce Department
On June 18, 2023, Governor Greg Abbott signed the Texas Data Privacy and Security Act (TDPSA) into law. Texas now joins the rapidly increasing group of states, California, Utah, Colorado, Connecticut, Virginia, Iowa, Indiana,...more
7/20/2023
/ Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Regulatory Agenda ,
Regulatory Reform ,
State and Local Government ,
State Data Privacy Laws ,
State Privacy Laws ,
Texas
On May 11, 2023, Governor Bill Lee signed the Tennessee Information Protection Act (TIPA) into law. Tennessee now joins the rapidly increasing group of states, California, Utah, Colorado, Connecticut, Virginia, Iowa and...more
6/26/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Gramm-Leach-Blilely Act ,
NIST ,
Personal Information ,
Privacy Laws ,
State Privacy Laws
On May 19, 2023, Montana Governor Greg Gianforte signed into law Senate Bill 384 ("Montana Consumer Data Privacy Act"), Montana's new state consumer privacy law, which will become effective October 1, 2024. Montana now joins...more
6/26/2023
/ Consumer Privacy Rights ,
Data Controller ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Montana ,
New Legislation ,
New Regulations ,
Privacy Laws ,
Regulatory Agenda ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
As of this morning, several US federal agencies and the personal information of 3.5 million Oregon and Louisiana residents has been compromised in a cyberattack affecting companies and government agencies across the globe...more
On May 18, 2023, in Twitter, Inc. v. Taamneh, the Supreme Court issued a unanimous opinion declining to impose secondary liability on tech companies for allegedly failing to prevent ISIS from using their platforms for...more
After a delay of eight months, the California Privacy Rights Act Regulations (CPRA) (the "Regulations") were finalized in late March of this year. The Regulations remain unchanged from the final modified version of the draft...more
On May 1, 2023, Indiana Governor Eric Holcomb signed into law Senate Enrolled Act No. 5 ("Indiana Data Privacy Law"), Indiana's new state consumer privacy law, which will become effective January 1, 2026. Indiana now joins...more
On March 28, 2023, Iowa Governor Kim Reynolds signed into law Senate File 262 ("Iowa Data Privacy Law"), Iowa's new state consumer privacy law, which will go into effect on January 1, 2025. By passing this law, Iowa joins...more
The Colorado Attorney General's Office recently finalized rules for the Colorado Privacy Act ("CPA Rules") which was signed into law in July 2021. The Colorado Privacy Act ("CPA") will soon join the California Consumer...more
4/18/2023
/ California ,
Colorado ,
Consumer Privacy Rights ,
Corporate Counsel ,
Corporate Governance ,
Data Privacy ,
Data Protection ,
Data Security ,
Legislative Agendas ,
New Legislation ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws ,
Virginia
For most large companies, a frictionless flow of information and the ability to transfer customer data, employee files, financial records and other information around the world quickly and cost-effectively is a critical...more
3/22/2023
/ Biometric Information ,
Board of Directors ,
Corporate Governance ,
Corporate Officers ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Disclosure Requirements ,
Environmental Social & Governance (ESG) ,
EU ,
International Data Transfers ,
Personal Data ,
Popular ,
Risk Assessment ,
Risk Management ,
Technology ,
UK
On January 27, 2023 California Attorney General Rob Bonta ("Cal AG") announced a new enforcement sweep, aimed at businesses with mobile apps that do not comply with the California Consumer Privacy Act ("CCPA"). The...more
After a two year absence of a legal framework for transferring personal data from the EU to the U.S., President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the...more
10/20/2022
/ Biden Administration ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Privacy Laws
California employers' reprieve from obligations to employees to disclose data privacy practices and provide access rights to employees appears to be coming to an end as the California Privacy Rights Act (CPRA) becomes...more
10/12/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Confidential Communications ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
Notice Requirements ,
Opt-Outs ,
Personal Information ,
Policies and Procedures ,
Privacy Laws
In a long anticipated development, on August 24 California Attorney General Rob Bonta ("Cal AG") announced the state's first monetary penalty under the California Consumer Privacy Act ("CCPA"), in a settlement with the beauty...more
On August 2, in its first ever cryptocurrency enforcement action, the New York State Department of Financial Services ("NYDFS") announced it had imposed a $30 million fine on Robinhood Crypto, LLC ("RHC") for failures in its...more
8/15/2022
/ Bank Secrecy Act ,
BSA/AML ,
Business Licenses ,
Consent Order ,
Cryptocurrency ,
Enforcement Actions ,
New York ,
Noncompliance ,
Notice Requirements ,
NYDFS ,
Regulatory Violations ,
State and Local Government ,
Virtual Currency
This week, on Tuesday May 10, 2022, Connecticut Gov. Ned Lamont approved Connecticut Senate Bill 6, an Act Concerning Personal Data Privacy and Online Monitoring (the "Connecticut Privacy Act"). Governor Lamont’s approval...more
5/19/2022
/ Connecticut ,
Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Protection ,
Enforcement ,
GLBA Privacy ,
Governor Lamont ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Opt-Outs ,
Personal Data ,
State Privacy Laws
Continuing efforts at the state level to establish a data privacy framework in the US, a fourth state has passed a comprehensive consumer privacy law. Utah has joined the ranks of Colorado, California and Virginia after...more
On March 9, 2022, the Securities and Exchange Commission ("SEC") proposed rules that would require public companies to make prescribed cybersecurity disclosures. The proposed rules would "strengthen investors' ability to...more
3/15/2022
/ Broker-Dealer ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Investment Adviser ,
Investment Companies ,
Investors ,
Proposed Rules ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC)
With data privacy laws tightening and cyberattacks on the rise, due diligence of technology networks and data processes should be a top priority for dealmakers -
May 2021 saw one of the most high-profile cyberattacks in US...more
As state and federal legislatures across the United States continue to contemplate comprehensive data protection legislation, two pending laws—the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection...more
Ninth Circuit Decision Highlights Importance of Updating Risk Factors to Address Material Developments, including those relating to Cybersecurity Risks.
As companies prepare their periodic reports with the SEC, a recent...more
Colorado has joined California and Virginia in enacting comprehensive data privacy legislation after Governor Jared Polis signed the Colorado Privacy Act into effect yesterday. The enactment of the Colorado Privacy Act...more