On January 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act...more
1/14/2025
/ Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
Public Comment ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management
On December 5, 2024, the Colorado Department of Law adopted amended rules to the Colorado Privacy Act (CPA)....more
On November 12, 2024, the Consumer Financial Protection Bureau (CFPB) released a report examining the carve outs and limitations contained in comprehensive state privacy laws relating to financial institutions. In an...more
11/21/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Open Banking ,
Personal Information ,
Regulatory Oversight ,
State Privacy Laws
On November 14, 2024, the California Privacy Protection Agency (“CPPA”), which is tasked with enforcing the California Consumer Privacy Act (the “CCPA”), announced it settled with two data brokers, Growbots, Inc. and UpLead...more
11/18/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Management ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Registration Requirement ,
Regulatory Requirements ,
Settlement ,
State Privacy Laws ,
Statutory Violations
The State of Texas and Meta Platforms Inc. (“Meta”) have agreed to a $1.4 billion settlement, to be paid out over five years, to resolve claims relating to Meta’s alleged use of facial recognition technology without user...more
8/1/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Facial Recognition Technology ,
Personal Data ,
Personally Identifiable Information ,
Settlement
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, we’re joined by Paolo Sbuttoni, a partner at Foot Anstey with years of experience...more
The California Privacy Protection Agency (“CPPA”) discussed at its July 16 meeting new enforcement focuses in addition to current goals. While the new focuses are largely in line with general trends, they also serve as a...more
In a reminder that open source products can carry significant risks beyond intellectual property, a vulnerability in a compression tool commonly used by developers has triggered widespread concerns....more
The UN General Assembly has adopted a landmark resolution focusing on the safe, secure, and trustworthy use of Artificial Intelligence (AI). This resolution, led by the United States and supported by over 120 Member States,...more
3/28/2024
/ Algorithms ,
Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Intellectual Property Litigation ,
Intellectual Property Protection ,
International Data Transfers ,
Machine Learning ,
Member State ,
Personal Data ,
Risk Management ,
United Nations
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, our lawyers discuss new state consumer health data laws in Connecticut, Nevada, and...more
On March 7, 2024, the California Privacy Protection Agency (CPPA) released new materials for review and discussion at the agency’s board meeting on March 8, 2024. Among the materials released were draft risk assessment and...more
On February 9, 2024, California’s Third District Court of Appeals reinstated the California Privacy Protection Agency’s (“CPPA”) ability to enforce the California Privacy Rights Act of 2020 (“CPRA”) regulations. The CPRA...more
2/13/2024
/ California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Information ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
State Privacy Laws
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
The privacy and cybersecurity landscape is evolving in the financial sector, from more specific...more
On November 21, the Federal Trade Commission (“FTC”) approved in a 3-0 vote a resolution authorizing the use of compulsory process in nonpublic investigations involving products and services that involve or claim to involve...more
11/29/2023
/ Algorithms ,
Artificial Intelligence ,
Civil Investigation Demand ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Innovative Technology ,
Investigations ,
Machine Learning ,
Regulatory Authority ,
Regulatory Oversight
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the CPPA has not officially started the formal...more
9/8/2023
/ Algorithms ,
Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Financial Products ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Draft Guidance ,
Financial Services Industry ,
Machine Learning ,
Personal Information ,
Regulatory Agenda ,
Risk Assessment
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the Agency has not officially started the formal...more
9/6/2023
/ Algorithms ,
Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Financial Products ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Draft Guidance ,
Machine Learning ,
Personal Information ,
Regulatory Agenda ,
Risk Assessment
Following recent Senate testimony in which OpenAI CEO Sam Altman proposed additional Congressional oversight for the development of artificial intelligence (AI), Colorado Senator Michael Bennet has re-introduced the Digital...more
As we have previously posted, it has been an active year on the state privacy law front. Indeed, the number of states with privacy laws is about to nearly double in a matter of months, with Iowa, Indiana, Montana, and...more
On March 15, the Colorado Attorney General’s Office finalized the Colorado Privacy Act regulations. ...more
On March 8, 2023, the U.K. Secretary of State for Science for Innovation and Technology announced the publication of the Data Protection and Digital Information (No.2) Bill. This new version of the Data Protection and Digital...more
On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Banta alleges failed to comply with the California...more
With Colorado joining California as the only other state with rules implementing a comprehensive privacy law, businesses and practitioners have been anxiously watching to see whether a California-compliant privacy policy...more
2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first...more
On December 22, 2022, France’s National Commission for Technology and Freedoms (“CNIL”) fined Microsoft’s Irish subsidiary 60 million euro for failure to comply with Article 82 of the French Data Protection Law (known as the...more
On December 21, the Colorado Attorney General released a revised draft of the Colorado Privacy Act Rules....more