The Department of Justice’s National Security Division (NSD) released several documents on April 11, 2025, to assist entities that must comply with the Final Rule regulating or prohibiting the transfer of bulk U.S. sensitive...more
Three months into 2025, there appears to be no slowdown in the flood of privacy legislation being considered and enacted by both Congress and state legislatures. Since the California Consumer Privacy Protection Act was passed...more
3/28/2025
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Online Safety for Children ,
Privacy Laws ,
Proposed Legislation ,
State Legislatures ,
State Privacy Laws
On February 21, 2025, Dubai-based Bybit, one of the world’s leading cryptocurrency exchanges, suffered a massive security breach, resulting in the loss of approximately $1.5 billion in Ethereum (ETH). The incident, which is...more
3/14/2025
/ Anti-Money Laundering ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Digital Assets ,
Financial Crimes ,
National Security ,
Popular ,
Regulatory Oversight ,
Securities and Exchange Commission (SEC)
On February 10, 2025, the first class action complaint was filed under Washington state’s My Health My Data Act (“MHMDA”), over a year after the law was passed. See Maxwell v. Amazon.com, Inc. et al., Case No. 2:25-cv-261...more
Two weeks into a new presidential administration, action from the White House and new leadership at federal agencies is starting to have an impact on privacy and security issues. It is not uncommon for new administrations to...more
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
12/19/2024
/ Compliance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 10-Q ,
Form 8-K ,
Publicly-Traded Companies ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Whistleblowers
The Department of Justice (DOJ) recently raised the stakes for businesses under investigation who use artificial intelligence (AI). The Evaluation of Corporate Compliance Program (ECCP) outlines the criteria to be considered...more
The Swiss-U.S. Data Privacy Framework (Swiss-U.S. Framework) took a significant step to becoming operational this week, when Switzerland officially added the United States to its list of countries that provide “adequate...more
The Biden administration announced this week that it expects to release guidance in the future regarding the use of chatbots on company websites. As part of the “Time is Money” initiative to improve and streamline consumer...more
The California Privacy Protection Agency (CPPA) Board met last week to discuss the latest updates on California Consumer Privacy Act (CCPA) draft regulations for cybersecurity audits, risk assessments, automated...more
HHS announced modifications last week to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule, that will strengthen privacy protections for reproductive health care information. The Final...more
Two key members of Congress unveiled the latest iteration of a proposed nationwide comprehensive privacy and data protection bill this past week. House Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate...more
4/12/2024
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Enforcement ,
Federal Trade Commission (FTC) ,
FTC Act ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Privacy Laws ,
Proposed Legislation ,
Third-Party ,
Transparency
In just a few short weeks, a new front may emerge for biometrics litigation in the United States. On March 31, 2024, the My Health My Data Act (“MHMDA”) will go into effect in Washington for most entities that conduct...more
3/12/2024
/ Biometric Information ,
Consent ,
Consumer Protection Laws ,
Data Collection ,
Data Privacy ,
Data Sellers ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Privacy Policy ,
Right to Delete ,
Washington
The National Institute of Standards and Technology released an updated version of its Cybersecurity Framework, CSF 2.0. earlier this week. The CSF, initially launched in 2014, is a tool developed by NIST to help private...more
The Federal Trade Commission (FTC) released a Notice of Proposed Rulemaking (“NPRM”) on December 20, 2023 that proposes changes to the Children’s Online Privacy Protection Act Rule (“COPPA Rule”). COPPA, in effect since 2000,...more
Securities and Exchange Commission (SEC) rules regarding cyber incident reporting and cybersecurity risk management, strategy, and governance, officially went into effect this week for most public companies....more
On November 27 2023, the California Privacy Protection Agency (“CPPA”) released the first draft of its automated decision-making (“ADMT”) rules (the “Draft Rules”) for those covered entities that must comply with the...more
New reporting obligations for covered entities under New York Department of Financial Services (NYDFS) Part 500 Cybersecurity Regulations went into effect on December 1, 2023. These new requirements are one portion of the...more
The New York Department of Financial Services (NYDFS) adopted a long-expected amendment to its Part 500 Cybersecurity Regulations (Part 500) this week. These are the first significant changes to Part 500 since its inception...more
The Federal Trade Commission (the “FTC”) approved last week an amendment to its Safeguards Rule that will institute new data breach notification requirements for non-bank financial institutions....more
California Governor Gavin Newsom signed the Delete Act this week. The new law, passed by the legislature last month, revises the California Consumer Privacy Act by making it easier for residents to submit universal requests...more
10/12/2023
/ Audits ,
California ,
California Privacy Protection Agency (CPPA) ,
Data Brokers ,
Disclosure Requirements ,
Duty to Delete ,
Fair Credit Reporting Act (FCRA) ,
Governor Newsom ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Personal Data
The SEC’s Cybersecurity Risk Management Strategy, Governance, and Incident Disclosure Rules were officially published in the Federal Register on August 4, 2023 and go into effect on September 5, 2023....more
On July 26, 2023, the U.S. Securities and Exchange Commission adopted enhanced disclosure requirements regarding cybersecurity risk management, strategy, governance and incident reporting for public companies. The final rules...more
The New York Department of Financial Services (“NYDFS”) released a “revised proposed second amendment” on June 28 that makes further changes to its Cybersecurity Regulation (“23 NYCRR Part 500”). Part 500 was first enacted in...more
Based on recent changes to its rulemaking agenda, the Securities Exchange Commission has postponed the much anticipated release of its final rules for Cybersecurity Risk Management, Strategy, Governance and Incident...more