China’s internet regulatory authority and top prosecutors have recently released a series of enforcement actions and cases, aimed at highlighting enforcement priorities in the data security realm over the last year. In 2025,...more
1/30/2026
/ China ,
Compliance ,
Cross-Border Transactions ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Enforcement Priorities ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Act ,
Privacy Laws ,
Regulatory Oversight ,
Regulatory Requirements
A recent executive order (EO) launches the “Genesis Mission,” a national AI initiative the White House likens to the Manhattan Project in scale and ambition, aimed at unifying federal supercomputing, data, and research assets...more
12/15/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Security ,
Department of Energy (DOE) ,
Executive Orders ,
Government Agencies ,
Innovation ,
Machine Learning ,
Research and Development ,
Risk Management
The quality of the CFPB’s information security program “has decreased since last year, leading us to conclude the program no longer is effective,” the bureau’s Inspector General (IG), said in a report.
The bureau’s overall...more
11/11/2025
/ Audits ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Protection ,
Data Security ,
Federal Contractors ,
Government Agencies ,
Information Security ,
Information Systems Security Program (ISSP) ,
OIG ,
Personally Identifiable Information ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Third-Party Risk ,
Vulnerability Assessments
The Regulatory and Enforcement Landscape. Colorado Attorney General Phil Weiser participated in a Fireside Chat with Greg Szewczyk, the Chair of Ballard Spahr’s Privacy and Data Security Group. They discussed significant...more
This episode is part of our “Bridging Campuses: Legal Insights on Education Industry Consolidation” series, where we discuss trends in higher education consolidation and closures, and outline common characteristics of at-risk...more
On January 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act...more
1/14/2025
/ Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
Public Comment ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, we’re joined by Paolo Sbuttoni, a partner at Foot Anstey with years of experience...more
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, our lawyers discuss new state consumer health data laws in Connecticut, Nevada, and...more
On February 1, 2024, the Connecticut Office of the Attorney General (“OAG”) submitted to the Connecticut General Assembly its report on the first six months of the Connecticut Data Privacy Act (“CTDPA”). While the report...more
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
The privacy and cybersecurity landscape is evolving in the financial sector, from more specific...more
As we have previously posted, it has been an active year on the state privacy law front. Indeed, the number of states with privacy laws is about to nearly double in a matter of months, with Iowa, Indiana, Montana, and...more
The AI application ChatGPT quickly became a household name, but already is morphing into a more advanced version of generative AI. At the same time, Microsoft’s redesigned Bing search engine will soon run on a new,...more
On March 15, the Colorado Attorney General’s Office finalized the Colorado Privacy Act regulations. ...more
2022 proved to be an historic year for privacy and data security, and 2023 is likely to follow suit. With privacy compliance deadlines looming under three state laws, a surge in data privacy litigation, new federal...more
On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Banta alleges failed to comply with the California...more
With Colorado joining California as the only other state with rules implementing a comprehensive privacy law, businesses and practitioners have been anxiously watching to see whether a California-compliant privacy policy...more
2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first...more
On December 22, 2022, France’s National Commission for Technology and Freedoms (“CNIL”) fined Microsoft’s Irish subsidiary 60 million euro for failure to comply with Article 82 of the French Data Protection Law (known as the...more
On December 21, the Colorado Attorney General released a revised draft of the Colorado Privacy Act Rules....more
On November 15, 2022, the FTC announced that it was extending by six months the deadline for companies to comply with some portions of the updated Safeguards Rule. The extension comes as a welcome relief to companies racing...more
On November 15, 2022, the FTC announced that it was extending by six months the deadline for companies to comply with some portions of the updated Safeguards Rule. The extension comes as a welcome relief to companies racing...more
On October 17, the California Privacy Protection Agency (“CPPA”) published the first revisions to the CPRA regulations. This draft includes an extensive list of proposed changes in advance of the CPPA Board public hearing,...more
Although the replacement for the Privacy Shield has garnered bigger headlines, the United States government also took another step towards a more coordinated international privacy framework by entering into the data access...more
On August 24, California Attorney General Rob Bonta announced a $1.2 million settlement with Sephora over allegations that the cosmetic retailer had violated the California Consumer Privacy Act (CCPA). This first public...more
With the CPRA set to become effective in a little more than three months, Ballard Spahr partners Phil Yannella and Greg Szewczyk discuss CPRA rule-making, the recent Sephora settlement, and outline key compliance steps that...more