CPRA Regulations Delayed. On June 29, 2023, two days before enforcement of the California Consumer Privacy Act (CCPA) was to begin, a Sacramento Superior Court issued a temporary injunction, enjoining enforcement of newly...more
Editor’s Note: Texas, Oregon, and Delaware became the latest states to pass a comprehensive privacy bill, while the CPRA, Connecticut, and Colorado’s privacy laws came into force. In the litigation world, the FTC filed an...more
7/20/2023
/ California Privacy Rights Act (CPRA) ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Personal Data ,
Popular ,
Securities and Exchange Commission (SEC) ,
Small Business ,
State Data Privacy Laws
Background -
On July 1, an amendment to the Florida Electronic Health Records Exchange Act (the Act) will go into effect. The Act focuses on information safety and sets forth stringent requirements that prohibit health...more
Editor’s Note: Montana became the latest state to pass a comprehensive privacy bill, joining California, Virginia, Colorado, Connecticut, Utah, and Tennessee. Florida, too, passed a privacy bill, but with a much narrower...more
6/21/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
New Legislation ,
Popular ,
Regulatory Reform ,
State Data Privacy Laws
Editor’s Note: Indiana became the latest state to enact a comprehensive privacy law, with Montana and Tennessee close behind. Washington passed sweeping legislation — the My Health My Data Act — which included a private right...more
Online Tracking Technologies and HIPAA. In December 2022, the Department of Health and Human Services Office for Civil Rights (OCR) published a bulletin on the use of online tracking technologies (e.g., cookies or web...more
On April 27, the state of Washington enacted the My Health My Data Act (MHMDA), a comprehensive health privacy law that imposes broad restrictions on how “consumer health data” can be used by companies doing business in the...more
In recent months, there has been an explosion of artificial intelligence tools that have given even technophobes an opportunity to test AI’s power from the comfort of their favorite web browser.
Originally published in...more
Editor’s Note: Iowa became the sixth state in the nation to enact a comprehensive privacy law, and California’s latest privacy regulations came into effect. At the federal level, Congress experienced a leak of sensitive...more
Artificial intelligence (AI) has captured the imagination and generated excitement with consumers and businesses, but at the same time, developments in AI have also raised public concerns and spawned regulation that sometimes...more
Recently, the Iowa Legislature sent a bill to Iowa Governor Kim Reynolds for her signature that would make Iowa the sixth state to enact a comprehensive privacy law. The Iowa Senate unanimously passed Senate File 262 (SF 262)...more
Editor’s Note: The U.S. Marshals Service suffered a data breach, demonstrating that no one is immune from such an occurrence. In regulatory news, government agencies remained focused on privacy, as the SEC proposed amendments...more
On Oct. 17 and again on Nov. 3, the California Privacy Protection Agency, or CPPA, modified the text of the proposed regulations implementing the California Privacy Rights Act, or CPRA.
Originally published in Law360 on...more
“Stranger Things” has made many of us think back on the days when we waited at Blockbuster to pick the latest release of our favorite movies, sometimes at the return dropbox. And the use of the term “Borked” has probably not...more
Editor’s Note: In regulatory news, the Federal Trade Commission extended the deadline to comply with the Safeguards Rule, and Health and Human Services issued guidance for the use of online tracking technology under HIPAA. In...more
Editor’s Note: The California Privacy Protection Agency released amendments to its draft regulations, and the Consumer Finance Protection Bureau contemplates rulemaking on sharing financial data. In U.S. litigation, the first...more
Editor’s Note: In the U.S. laws and regulation space, the White House is focusing on privacy, evident through its session on accountability for big tech and the recent executive order highlighting cybersecurity risks....more
10/18/2022
/ Biometric Information ,
Biometric Information Privacy Act ,
CFIUS ,
COPPA ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
GAO ,
Popular ,
Proposed Regulation
On September 15, 2022, California Governor Gavin Newsom signed Assembly Bill 2273 — the California Age-Appropriate Design Code Act (ADCA) — into law. Inspired by the United Kingdom’s (U.K.) Age-Appropriate Design Code, the...more
Don't Hyperventilate. There are new United Kingdom (UK), European Union (EU), U.S., and global regulatory requirements that just went into effect or will be effective before or soon after year-end that will impact contracts...more
Exemption Extensions Failed. On August 31, California's legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal...more
With the notice and cure set to expire on January 1, 2023, California Attorney General Rob Bonta (CA AG) provided a glimpse at what to expect with its first settlement of alleged violations of the California Consumer Privacy...more
9/1/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Sephora ,
Statutory Violations
On July 29, New York State’s Department of Financial Services (NYDFS) released draft amendments (Draft Amendments) to its Part 500 Cybersecurity Regulation for financial service companies that, among others things: (1)...more
On August 11, the Consumer Financial Protection Bureau (CFPB) published a circular, answering the question “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when...more
Editor’s Note: In the U.S. laws and regulation space, federal lawmakers continued to push the American Data Privacy and Protection Act forward, and the FTC pledged to enforce the law against the illegal use of highly...more
Background on the PIPL Security Assessment. On July 7, China’s top regulator, the Cyberspace Administration of China (CAC), released the final version of the Measures for Security Assessment of Data Exports (Security...more