The new Department of Justice (DOJ) Data Security Program (DSP) took effect on April 8....more
4/17/2025
/ Corporate Counsel ,
Covered Person ,
Cybersecurity ,
Data Brokers ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Due Diligence ,
New Guidance ,
Penalties ,
Risk Management
Under the Department of Justice’s (DOJ) “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons” rules (the Rules), allowing access outside the United States...more
4/4/2025
/ China ,
Data Security ,
Department of Justice (DOJ) ,
Economic Sanctions ,
Enforcement ,
Final Rules ,
National Security ,
New Regulations ,
Personal Data ,
Regulatory Reform ,
Russia ,
Trump Administration
A groundbreaking new regulatory regime, imposing rules unlike any in existing U.S. law, may surprise many companies due to its sudden adoption and complexity. This article tries to simplify the changing regulatory landscape,...more
2/19/2025
/ China ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
Final Rules ,
Foreign Adversaries ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
International Data Transfers ,
National Security ,
Protecting Americans Data from Foreign Adversaries Act (PADFA) ,
Regulatory Reform ,
Regulatory Requirements
NIST Publishes Report on the Cybersecurity of Genomic Data. On December 20, 2023, the NIST National Cybersecurity Center of Excellence (NCCoE) published Final NIST IR 8432, Cybersecurity of Genomic Data. Informed by direction...more
2/13/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Financial Products ,
Consumer Fraud ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
NIST ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Putative Class Actions
On January 16, New Jersey Governor Phil Murphy signed S332 (the act), making New Jersey the first state in 2024 to enact a comprehensive privacy law. Several other states are currently considering similar comprehensive...more
1/26/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Technology ,
New Jersey ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
State Data Privacy Laws
On October 27, the Federal Trade Commission (FTC) announced a final rule amending the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act. The Safeguards Rule requires nonbanking...more
Editor’s Note: As the summer months come to an end, there has been no shortage of privacy news and updates. Oregon signed both a comprehensive privacy law and data broker law, and the SEC adopted new rules regarding the...more
9/15/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Fingerprints ,
Popular ,
Securities and Exchange Commission (SEC)
Editor’s Note: Montana became the latest state to pass a comprehensive privacy bill, joining California, Virginia, Colorado, Connecticut, Utah, and Tennessee. Florida, too, passed a privacy bill, but with a much narrower...more
6/21/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
New Legislation ,
Popular ,
Regulatory Reform ,
State Data Privacy Laws
On April 27, the state of Washington enacted the My Health My Data Act (MHMDA), a comprehensive health privacy law that imposes broad restrictions on how “consumer health data” can be used by companies doing business in the...more
In recent months, there has been an explosion of artificial intelligence tools that have given even technophobes an opportunity to test AI’s power from the comfort of their favorite web browser.
Originally published in...more
Editor’s Note: Iowa became the sixth state in the nation to enact a comprehensive privacy law, and California’s latest privacy regulations came into effect. At the federal level, Congress experienced a leak of sensitive...more
Recently, the Iowa Legislature sent a bill to Iowa Governor Kim Reynolds for her signature that would make Iowa the sixth state to enact a comprehensive privacy law. The Iowa Senate unanimously passed Senate File 262 (SF 262)...more
Editor’s Note: The U.S. Marshals Service suffered a data breach, demonstrating that no one is immune from such an occurrence. In regulatory news, government agencies remained focused on privacy, as the SEC proposed amendments...more
On Oct. 17 and again on Nov. 3, the California Privacy Protection Agency, or CPPA, modified the text of the proposed regulations implementing the California Privacy Rights Act, or CPRA.
Originally published in Law360 on...more
Editor’s Note: In regulatory news, the Federal Trade Commission extended the deadline to comply with the Safeguards Rule, and Health and Human Services issued guidance for the use of online tracking technology under HIPAA. In...more
Editor’s Note: The California Privacy Protection Agency released amendments to its draft regulations, and the Consumer Finance Protection Bureau contemplates rulemaking on sharing financial data. In U.S. litigation, the first...more
Editor’s Note: In the U.S. laws and regulation space, the White House is focusing on privacy, evident through its session on accountability for big tech and the recent executive order highlighting cybersecurity risks....more
10/18/2022
/ Biometric Information ,
Biometric Information Privacy Act ,
CFIUS ,
COPPA ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
GAO ,
Popular ,
Proposed Regulation
Exemption Extensions Failed. On August 31, California's legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal...more
With the notice and cure set to expire on January 1, 2023, California Attorney General Rob Bonta (CA AG) provided a glimpse at what to expect with its first settlement of alleged violations of the California Consumer Privacy...more
9/1/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Sephora ,
Statutory Violations
On August 11, the Consumer Financial Protection Bureau (CFPB) published a circular, answering the question “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when...more
Editor’s Note: In the U.S. laws and regulation space, federal lawmakers continued to push the American Data Privacy and Protection Act forward, and the FTC pledged to enforce the law against the illegal use of highly...more
Background on the PIPL Security Assessment. On July 7, China’s top regulator, the Cyberspace Administration of China (CAC), released the final version of the Measures for Security Assessment of Data Exports (Security...more
Editor’s Note: In the U.S. laws and regulation space, federal lawmakers formally introduced bipartisan comprehensive federal privacy legislation titled, the American Data Privacy and Protection Act. Meanwhile, California...more
The California Privacy Rights Act (CPRA) established the California Privacy Protection Agency (CPPA), and requires the CPPA to adopt, amend, and rescind regulations on 22 topics — including, among other things, definitions,...more
The California Privacy Rights Action (CPRA) will significantly impact how entities process personal information requiring covered businesses to review and update their existing vendor agreements. The CPRA also includes...more