On February 2, 2024, representatives from the European Union (EU) member states formally approved the final text of the EU Artificial Intelligence Act (the Act), which will be subject to final legislative approval in the...more
The AI executive order moves the U.S. closer to a broader unified approach on federal AI regulation, expanding on the AI Bill of Rights and NIST AI Risk Management Framework and focusing on the responsible development and...more
11/8/2023
/ Anti-Discrimination Policies ,
Artificial Intelligence ,
Biden Administration ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Defense Production Act ,
Department of Energy (DOE) ,
Department of Homeland Security (DHS) ,
ECOA ,
Executive Orders ,
Fair Credit Reporting Act (FCRA) ,
Fair Housing Act (FHA) ,
HUD ,
Infrastructure ,
National Security ,
NIST ,
OMB ,
Patent Trial and Appeal Board ,
Popular ,
Privacy Laws ,
Public Health ,
Risk Management ,
Security Standards ,
Technology Sector ,
U.S. Commerce Department
The Cybersecurity Administration of China ("CAC") and six other agencies jointly promulgated Interim Measures for the Administration of Generative Artificial Intelligence Services ("Generative AI Measures" or "Rules"), that...more
7/31/2023
/ Algorithms ,
Artificial Intelligence ,
China ,
Compliance ,
Consent ,
Corporate Counsel ,
Cybersecurity ,
Digital Service Providers ,
Intellectual Property Protection ,
Interim Rule ,
Labeling ,
Licensing Rights ,
Machine Learning ,
Personal Information ,
Research and Development ,
Technology Sector ,
Training
On April 11, 2023, the Department of Commerce, through the National Telecommunications and Information Administration (NTIA), issued a request for comments (RFC) on AI system accountability measures and policies. The “AI...more
The California Privacy Protection Agency ("CPPA" or "Agency") is seeking preliminary comments on proposed rulemaking for risk assessments and cybersecurity audits for higher-risk data processing activities, and consumer...more
On January 26, 2023, the National Institute of Standards and Technology (NIST) released the final version of its AI Risk Management Framework (RMF). ...more
The Federal Communications Commission ("FCC" or "Commission") has released its long-awaited Notice of Proposed Rulemaking ("NPRM") proposing to revise data breach reporting requirements for telecommunications carriers and...more
On September 28, 2022, the European Commission published its proposal for a directive to amend the existing European Union (EU) Product Liability Directive that provides a system for compensating people who suffer physical...more
In March 2022, the US and EU announced they had agreed in principle to a new Trans-Atlantic Data Privacy Framework (Framework) intended to simplify transfers of personal information. After months of waiting for the final...more
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post, was enacted on July 7,...more
The Office of the California Attorney General (OAG) announced on August 24, 2022, a settlement with Sephora, Inc., as part of a recent enforcement sweep of online retailers. OAG alleged Sephora violated the California...more
On August 18, the National Institute of Standards and Technology (NIST) released a second draft of its Artificial Intelligence Risk Management Framework (the Second Draft) for public comment. The first draft was released in...more
The Federal Trade Commission has formally launched a rulemaking proceeding that nominally is focused on consumer privacy issues, but actually raises significant questions about the impact of artificial intelligence/machine...more
On May 25, 2022, the European Commission announced the release of a new guidance document relating to standard contractual clauses (SCCs) and international data transfers. The guidance is included in a series of questions and...more
Update March 31, 2022: Utah Governor Spencer Cox signed the bill into law March 24, 2022.
With passage of the Utah Consumer Privacy Act (UCPA), Utah will become the fourth state to adopt omnibus consumer privacy...more
The California Office of Attorney General (OAG) on March 10, 2022, issued its first opinion interpreting the California Consumer Privacy Act (CCPA), addressing when businesses must disclose internally generated "inferences"...more
With passage of the Utah Consumer Privacy Act (UCPA), Utah will become the fourth state to adopt omnibus consumer privacy legislation—following California, Virginia, and Colorado— when Utah Governor Spencer Cox signs the...more
France's data protection authority (DPA), Commission Nationale de l'Informatique et des Libertés (CNIL), announced its ruling on February 10, 2022, that the use of Google Analytics by companies in the EU violates Article 44...more
Advances in artificial intelligence (AI) come with the promise of life-changing improvements in technologies such as smart buildings, autonomous vehicles, automated health diagnostics, and autonomous cybersecurity systems....more
Recent amendments to the State’s data breach statute give a hard deadline for a business to provide consumer notice, removes encryption safe harbor, exempts entities that are subject to the Health Insurance Portability and...more
4/21/2016
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Encryption ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Incident Response Plans ,
New Legislation ,
Notification Requirements ,
Personally Identifiable Information ,
Safe Harbors
As a privacy litigator, I could not help but observe an apparent contradiction in the way the Third Circuit allowed the FTC to pursue Wyndham Hotels for cybersecurity breaches under the FTC Act, but Judge Berman (SDNY)...more
9/11/2015
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Deflategate ,
Enforcement Actions ,
Federal Arbitration Act ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
Hackers ,
New England Patriots ,
NFL ,
Tom Brady ,
Work Suspensions ,
Wyndham
In early September, Home Depot announced that it had suffered a severe security incident, which resulted in a massive data breach that exposed the payment card information of Home Depot customers across the United States and...more