On November 8, 2024, the California Privacy Protection Agency (CPPA) Board voted to adopt new regulations for data broker registration requirements. The CPPA Board also voted to advance proposed rules for insurance companies,...more
11/25/2024
/ Automated Decision Systems (ADS) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Electronic Payment Transactions ,
Goods or Services ,
Minors ,
Mobile Apps ,
Mobile Health Apps ,
Wire Transfers
We continue to learn more about the courts’ perspective on claims under the California Information Privacy Act (“CIPA”). Last month, in Moody v. C2 Educational Systems Inc., the U.S. District Court for the Central District of...more
9/6/2024
/ CIPA ,
Cookies ,
Corporate Counsel ,
Data Collection ,
Electronic Communications ,
Electronic Monitoring ,
IP Addresses ,
TikTok ,
Tracking Systems ,
Websites ,
Wiretapping
The California Privacy Protection Agency (CPPA) Board met last week to discuss the latest updates on California Consumer Privacy Act (CCPA) draft regulations for cybersecurity audits, risk assessments, automated...more
On May 9, 2024, Paul Hastings participated in a panel on litigation trends and risk management at this spring’s Privacy+Security Forum. Panelists included Carter Simpson (Partner, Paul Hastings) and Matt Gardner (Senior...more
On May 8, 2024, Paul Hastings hosted the Cybersecurity Law Workshop at this spring’s Privacy + Security Forum featuring a panel on cybersecurity insurance trends and insights. The panel was moderated by Paul Hastings’ David...more
On May 8, 2024, Paul Hastings Hosted the Cybersecurity Law Workshop at this spring’s Privacy + Security Forum with a panel on cybersecurity regulatory trends and recent developments. The panel was moderated by Paul Hastings...more
On May 8, 2024, Paul Hastings Hosted the Cybersecurity Law Workshop at this spring’s Privacy + Security Forum with a panel on perspectives from cybersecurity regulators. The panel was moderated by Paul Hastings Global Chair...more
Two key members of Congress unveiled the latest iteration of a proposed nationwide comprehensive privacy and data protection bill this past week. House Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate...more
4/12/2024
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Enforcement ,
Federal Trade Commission (FTC) ,
FTC Act ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Privacy Laws ,
Proposed Legislation ,
Third-Party ,
Transparency
Last week, Paul Hastings attended the Securities and Exchange Commission (SEC) Speaks 2024 event presented by the Practising Law Institute (PLI) in cooperation with the SEC on April 1 and 2. The SEC Speaks program provides...more
4/9/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Disclosure Requirements ,
Due Diligence ,
Form 10-K ,
Form 8-K ,
Information Technology ,
NASA ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
4/2/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Department of Defense (DOD) ,
DFARS ,
Federal Information Security Modernization Act (FISMA) ,
Healthcare ,
Information Technology ,
NERC ,
Popular ,
Proposed Regulation ,
Ransomware ,
Reporting Requirements ,
Water
The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Green Ridge Behavioral Health, LLC...more
3/5/2024
/ Civil Rights Act ,
Cyber Attacks ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Popular ,
Ransomware ,
Risk Assessment ,
Risk Management
The number of large data breaches, those involving 500 or more people, exposing protected health information has increased exponentially in the last few years, and ransomware and hacking are the primary cyber threats in...more
2/28/2024
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Popular ,
Risk Assessment ,
Risk Management
The Federal Trade Commission (FTC) released a Notice of Proposed Rulemaking (“NPRM”) on December 20, 2023 that proposes changes to the Children’s Online Privacy Protection Act Rule (“COPPA Rule”). COPPA, in effect since 2000,...more
On July 26 2023, the Securities and Exchange Commission (SEC) adopted final rules intended to enhance and standardize disclosures of cybersecurity risk management, strategy, governance, and incident reporting by public...more
On December 14, 2023, Erik Gerding, Director, Division of Corporation Finance at the Securities and Exchange Commission (“SEC”) gave a speech on the SEC’s final rules (the “Final Rule(s)”) regarding cybersecurity risk...more
1/9/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Form 10-K ,
Form 8-K ,
Incident Response Plans ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
On November 27 2023, the California Privacy Protection Agency (“CPPA”) released the first draft of its automated decision-making (“ADMT”) rules (the “Draft Rules”) for those covered entities that must comply with the...more