On December 19, 2025, New York Governor Kathy Hochul vetoed the New York Health Information Privacy Act (NY HIPA), a health data privacy bill that would have afforded consumer protections to non-HIPAA health data....more
A recent executive order (EO) launches the “Genesis Mission,” a national AI initiative the White House likens to the Manhattan Project in scale and ambition, aimed at unifying federal supercomputing, data, and research assets...more
12/15/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Security ,
Department of Energy (DOE) ,
Executive Orders ,
Government Agencies ,
Innovation ,
Machine Learning ,
Research and Development ,
Risk Management
The quality of the CFPB’s information security program “has decreased since last year, leading us to conclude the program no longer is effective,” the bureau’s Inspector General (IG), said in a report.
The bureau’s overall...more
11/11/2025
/ Audits ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Protection ,
Data Security ,
Federal Contractors ,
Government Agencies ,
Information Security ,
Information Systems Security Program (ISSP) ,
OIG ,
Personally Identifiable Information ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Third-Party Risk ,
Vulnerability Assessments
On October 13, 2025, California Governor Gavin Newsom vetoed S.B. 7, which would have required human oversight in certain types of employment decisions made solely by automated decision systems (“ADS”). If Gov. Newsom signed...more
The Regulatory and Enforcement Landscape. Colorado Attorney General Phil Weiser participated in a Fireside Chat with Greg Szewczyk, the Chair of Ballard Spahr’s Privacy and Data Security Group. They discussed significant...more
On September 23, 2025, the California Privacy Protection Agency (CPPA) announced the approval of final regulations under the California Consumer Privacy Act (CCPA) covering cybersecurity audits, risk assessments, and...more
10/15/2025
/ Audits ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Final Rules ,
New Regulations ,
Regulatory Requirements ,
Risk Assessment ,
State Privacy Laws
On September 30, 2025, the California Privacy Protection Agency (CPPA) issued a $1.35 million fine, the largest in the CPPA’s history, against Tractor Supply Company, the nation’s largest rural lifestyle retailer. The fine...more
10/15/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Employer Liability Issues ,
Enforcement Actions ,
Hiring & Firing ,
Job Applicants ,
Penalties ,
Personal Data ,
Retailers ,
State Privacy Laws ,
Statutory Violations
In a reminder that the FTC’s new enforcement priorities will likely drive additional litigation risks, days after the settlement was announced, Disney Worldwide Services and Disney Entertainment Operations, LLC (together,...more
9/10/2025
/ COPPA ,
Data Collection ,
Data Privacy ,
Department of Justice (DOJ) ,
Disney ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Internet Streaming ,
Minors ,
Online Safety for Children ,
Privacy Laws ,
Putative Class Actions ,
Settlement Agreements ,
Statutory Violations ,
YouTube
The Food and Drug Administration (FDA) issued final guidance Monday that explains how medical device manufacturers can use a Predetermined Change Control Plan (PCCP) to update AI-enabled device software functions (AI-DSFs)...more
8/22/2025
/ 510(k) RTA ,
Artificial Intelligence ,
Cybersecurity ,
Digital Health ,
Final Guidance ,
Food and Drug Administration (FDA) ,
Healthcare ,
Life Sciences ,
Machine Learning ,
Manufacturers ,
Marketing Authorization Application ,
Medical Devices ,
Pharmaceutical Industry ,
Premarket Approval Applications ,
Regulatory Oversight ,
Regulatory Requirements ,
Software
The federal government recently unveiled America’s AI Action Plan (the Plan), a sweeping policy roadmap aimed at clearing away regulatory barriers, supercharging U.S. investment in infrastructure and talent surrounding AI,...more
8/11/2025
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
Colorado ,
Employment Discrimination ,
Federal v State Law Application ,
Hiring & Firing ,
Illinois ,
New Legislation ,
Regulatory Requirements ,
State Labor Laws ,
Texas
On June 11, 2025, Connecticut passed Senate Bill 01295 (SB 01295). If signed by the governor, SB 01295 will amend the existing Connecticut Data Privacy Act (CTDPA) in several important ways, with the amendments going into...more
6/19/2025
/ Connecticut ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Minors ,
New Amendments ,
Proposed Amendments ,
Regulatory Agenda ,
Sensitive Personal Information ,
Social Media ,
State Privacy Laws
On June 4, 2025, the Digital Advertising Alliance (“DAA”), the self-regulatory body that sets and enforces privacy standards for digital advertising, announced it is launching a process to determine if it is necessary to...more
This episode is part of our “Bridging Campuses: Legal Insights on Education Industry Consolidation” series, where we discuss trends in higher education consolidation and closures, and outline common characteristics of at-risk...more
On February 21, 2025, representatives in the California legislature introduced California Assembly Bill 1355, also known as the California Location Privacy Act (“AB 1355”). AB 1355 seeks to amend the California Consumer...more
3/13/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Enforcement ,
Location Data ,
Location Privacy ,
Prior Express Consent ,
Proposed Legislation ,
Regulatory Agenda ,
State Attorneys General ,
State Privacy Laws
On February 12, 2025, the House Energy and Commerce Committee Chair Brett Guthrie (R-Ky) and Vice Chair John Joyce (R-Pa) announced the formation of 12-member working group tasked with developing comprehensive data privacy...more
2/20/2025
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Personal Data ,
Proposed Legislation ,
Regulatory Agenda ,
State Privacy Laws ,
Working Groups
On January 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act...more
1/14/2025
/ Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
Public Comment ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management
In today’s podcast episode, we’re joined by Alex Johnson, Founder of Fintech Takes, and Paige Paridon, Senior Vice President, Senior Associate General Counsel & Co-Head of Regulatory Affairs at Bank Policy Institute, to take...more
The Dutch Data Protection Authority (the “Dutch DPA”) issued a €4.75 million (approximately $5 million USD) fine on Netflix in connection with a data access investigation that started in 2019. The investigation arose out of...more
On December 3, 2024, the Consumer Financial Protection Bureau (CFPB) published its long anticipated proposed rule aimed at regulating data brokers under the Fair Credit Reporting Act (FCRA). Although the CFPB’s future is...more
On December 5, 2024, the Colorado Department of Law adopted amended rules to the Colorado Privacy Act (CPA)....more
On November 7, 2024, Michigan lawmakers in the Senate introduced the Reproductive Data Privacy Act (“RDPA”), also known as Senate Bill 1082 (SB 1082). The bill aims to strengthen privacy protections for sensitive...more
On November 12, 2024, the Consumer Financial Protection Bureau (CFPB) released a report examining the carve outs and limitations contained in comprehensive state privacy laws relating to financial institutions. In an...more
11/21/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Open Banking ,
Personal Information ,
Regulatory Oversight ,
State Privacy Laws
On November 14, 2024, the California Privacy Protection Agency (“CPPA”), which is tasked with enforcing the California Consumer Privacy Act (the “CCPA”), announced it settled with two data brokers, Growbots, Inc. and UpLead...more
11/18/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Management ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Registration Requirement ,
Regulatory Requirements ,
Settlement ,
State Privacy Laws ,
Statutory Violations
On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued its final rule implementing Section 1033 of the Dodd-Frank Act (the “Final Rule” or the “Open Banking Rule”), granting consumers greater access...more
10/25/2024
/ Banks ,
Consumer Data Requests ,
Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Data Management ,
Depository Institutions ,
Dodd-Frank ,
Final Rules ,
Financial Regulatory Reform ,
Financial Services Industry ,
Open Banking ,
Regulation E ,
Regulation Z ,
Right of Access
On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued its final rule implementing Section 1033 of the Dodd-Frank Act (the “Final Rule” or the “Open Banking Rule”), granting consumers greater access...more
10/24/2024
/ Consumer Data Requests ,
Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Data Management ,
Dodd-Frank ,
Final Rules ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Open Banking ,
Popular