China’s internet regulatory authority and top prosecutors have recently released a series of enforcement actions and cases, aimed at highlighting enforcement priorities in the data security realm over the last year. In 2025,...more
1/30/2026
/ China ,
Compliance ,
Cross-Border Transactions ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Enforcement Priorities ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Act ,
Privacy Laws ,
Regulatory Oversight ,
Regulatory Requirements
A recent executive order (EO) launches the “Genesis Mission,” a national AI initiative the White House likens to the Manhattan Project in scale and ambition, aimed at unifying federal supercomputing, data, and research assets...more
12/15/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Security ,
Department of Energy (DOE) ,
Executive Orders ,
Government Agencies ,
Innovation ,
Machine Learning ,
Research and Development ,
Risk Management
The quality of the CFPB’s information security program “has decreased since last year, leading us to conclude the program no longer is effective,” the bureau’s Inspector General (IG), said in a report.
The bureau’s overall...more
11/11/2025
/ Audits ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Protection ,
Data Security ,
Federal Contractors ,
Government Agencies ,
Information Security ,
Information Systems Security Program (ISSP) ,
OIG ,
Personally Identifiable Information ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Third-Party Risk ,
Vulnerability Assessments
The Regulatory and Enforcement Landscape. Colorado Attorney General Phil Weiser participated in a Fireside Chat with Greg Szewczyk, the Chair of Ballard Spahr’s Privacy and Data Security Group. They discussed significant...more
On September 23, 2025, the California Privacy Protection Agency (CPPA) announced the approval of final regulations under the California Consumer Privacy Act (CCPA) covering cybersecurity audits, risk assessments, and...more
10/15/2025
/ Audits ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Final Rules ,
New Regulations ,
Regulatory Requirements ,
Risk Assessment ,
State Privacy Laws
The Food and Drug Administration (FDA) issued final guidance Monday that explains how medical device manufacturers can use a Predetermined Change Control Plan (PCCP) to update AI-enabled device software functions (AI-DSFs)...more
8/22/2025
/ 510(k) RTA ,
Artificial Intelligence ,
Cybersecurity ,
Digital Health ,
Final Guidance ,
Food and Drug Administration (FDA) ,
Healthcare ,
Life Sciences ,
Machine Learning ,
Manufacturers ,
Marketing Authorization Application ,
Medical Devices ,
Pharmaceutical Industry ,
Premarket Approval Applications ,
Regulatory Oversight ,
Regulatory Requirements ,
Software
This episode is part of our “Bridging Campuses: Legal Insights on Education Industry Consolidation” series, where we discuss trends in higher education consolidation and closures, and outline common characteristics of at-risk...more
On January 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act...more
1/14/2025
/ Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
Public Comment ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management
On December 5, 2024, the Colorado Department of Law adopted amended rules to the Colorado Privacy Act (CPA)....more
On November 12, 2024, the Consumer Financial Protection Bureau (CFPB) released a report examining the carve outs and limitations contained in comprehensive state privacy laws relating to financial institutions. In an...more
11/21/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Open Banking ,
Personal Information ,
Regulatory Oversight ,
State Privacy Laws
On November 14, 2024, the California Privacy Protection Agency (“CPPA”), which is tasked with enforcing the California Consumer Privacy Act (the “CCPA”), announced it settled with two data brokers, Growbots, Inc. and UpLead...more
11/18/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Management ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Registration Requirement ,
Regulatory Requirements ,
Settlement ,
State Privacy Laws ,
Statutory Violations
The State of Texas and Meta Platforms Inc. (“Meta”) have agreed to a $1.4 billion settlement, to be paid out over five years, to resolve claims relating to Meta’s alleged use of facial recognition technology without user...more
8/1/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Facial Recognition Technology ,
Personal Data ,
Personally Identifiable Information ,
Settlement
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, we’re joined by Paolo Sbuttoni, a partner at Foot Anstey with years of experience...more
The California Privacy Protection Agency (“CPPA”) discussed at its July 16 meeting new enforcement focuses in addition to current goals. While the new focuses are largely in line with general trends, they also serve as a...more
In a reminder that open source products can carry significant risks beyond intellectual property, a vulnerability in a compression tool commonly used by developers has triggered widespread concerns....more
The UN General Assembly has adopted a landmark resolution focusing on the safe, secure, and trustworthy use of Artificial Intelligence (AI). This resolution, led by the United States and supported by over 120 Member States,...more
3/28/2024
/ Algorithms ,
Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Intellectual Property Litigation ,
Intellectual Property Protection ,
International Data Transfers ,
Machine Learning ,
Member State ,
Personal Data ,
Risk Management ,
United Nations
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, our lawyers discuss new state consumer health data laws in Connecticut, Nevada, and...more
On March 7, 2024, the California Privacy Protection Agency (CPPA) released new materials for review and discussion at the agency’s board meeting on March 8, 2024. Among the materials released were draft risk assessment and...more
On February 9, 2024, California’s Third District Court of Appeals reinstated the California Privacy Protection Agency’s (“CPPA”) ability to enforce the California Privacy Rights Act of 2020 (“CPRA”) regulations. The CPRA...more
2/13/2024
/ California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Information ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
State Privacy Laws
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
The privacy and cybersecurity landscape is evolving in the financial sector, from more specific...more
On November 21, the Federal Trade Commission (“FTC”) approved in a 3-0 vote a resolution authorizing the use of compulsory process in nonpublic investigations involving products and services that involve or claim to involve...more
11/29/2023
/ Algorithms ,
Artificial Intelligence ,
Civil Investigation Demand ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Innovative Technology ,
Investigations ,
Machine Learning ,
Regulatory Authority ,
Regulatory Oversight
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the CPPA has not officially started the formal...more
9/8/2023
/ Algorithms ,
Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Financial Products ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Draft Guidance ,
Financial Services Industry ,
Machine Learning ,
Personal Information ,
Regulatory Agenda ,
Risk Assessment
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the Agency has not officially started the formal...more
9/6/2023
/ Algorithms ,
Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Financial Products ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Draft Guidance ,
Machine Learning ,
Personal Information ,
Regulatory Agenda ,
Risk Assessment
Following recent Senate testimony in which OpenAI CEO Sam Altman proposed additional Congressional oversight for the development of artificial intelligence (AI), Colorado Senator Michael Bennet has re-introduced the Digital...more
As we have previously posted, it has been an active year on the state privacy law front. Indeed, the number of states with privacy laws is about to nearly double in a matter of months, with Iowa, Indiana, Montana, and...more