The Tennessee Information Protection Act (TIPA) passed unanimously through both houses of the Tennessee legislature and was signed by Governor Bill Lee on May 11, 2023. Tennessee joins seven states in enacting a comprehensive...more
5/16/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Controlled Substances Act ,
COPPA ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
Gramm-Leach-Blilely Act ,
HCQIA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
New Legislation ,
NIST ,
Noncompliance ,
Personal Information ,
State Privacy Laws ,
Title V
On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer Health Data" or "CHD"). The...more
5/2/2023
/ Business Associates ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
PHI ,
Private Right of Action
On April 11, 2023, the Department of Commerce, through the National Telecommunications and Information Administration (NTIA), issued a request for comments (RFC) on AI system accountability measures and policies. The “AI...more
Regulators, both in the United States and around the globe, are showing greater concern about the potential risks of using generative artificial intelligence (AI) systems for commercial and business purposes. The Federal...more
The California Privacy Protection Agency ("CPPA" or "Agency") is seeking preliminary comments on proposed rulemaking for risk assessments and cybersecurity audits for higher-risk data processing activities, and consumer...more
One can scarcely browse the internet without encountering a story on the use of Artificial Intelligence (AI) by businesses or websites. While recently most attention has focused on generative AI and the increasing use of chat...more
The FCC Broadband Data Taskforce recently released recommendations on best practices to submit bulk challenges to the Broadband Serviceable Location Fabric (BSL Fabric). The BSL Fabric is a dataset of geographic coordinates...more
On January 26, 2023, the National Institute of Standards and Technology (NIST) released the final version of its AI Risk Management Framework (RMF). ...more
The Federal Communications Commission ("FCC" or "Commission") has released its long-awaited Notice of Proposed Rulemaking ("NPRM") proposing to revise data breach reporting requirements for telecommunications carriers and...more
The FCC Broadband Data Task Force announced that the second Broadband Data Collection (BDC) filing window opened on January 3, 2023, and the required data submissions may be made at any time up until the deadline of March 1,...more
In late December, the New York City Department of Consumer and Worker Protection (DCWP or Department) issued revised rules to implement New York City Local Law 144 of 2021, which mandates bias audits of AI-enabled systems...more
On September 28, 2022, the European Commission published its proposal for a directive to amend the existing European Union (EU) Product Liability Directive that provides a system for compensating people who suffer physical...more
On September 28, 2022, the European Commission published its Proposal for an Artificial Intelligence Liability Directive. See European Commission, Proposal for a Directive on adapting non-contractual civil liability rules to...more
In March 2022, the US and EU announced they had agreed in principle to a new Trans-Atlantic Data Privacy Framework (Framework) intended to simplify transfers of personal information. After months of waiting for the final...more
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post, was enacted on July 7,...more
On August 29, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint in Idaho federal district court against Kochava Inc., a data broker, seeking injunctive relief on account of alleged violations of...more
The Office of the California Attorney General (OAG) announced on August 24, 2022, a settlement with Sephora, Inc., as part of a recent enforcement sweep of online retailers. OAG alleged Sephora violated the California...more
On August 18, the National Institute of Standards and Technology (NIST) released a second draft of its Artificial Intelligence Risk Management Framework (the Second Draft) for public comment. The first draft was released in...more
The Federal Trade Commission has formally launched a rulemaking proceeding that nominally is focused on consumer privacy issues, but actually raises significant questions about the impact of artificial intelligence/machine...more
The Federal Trade Commission (FTC) may have just taken its first steps towards the creation of generally applicable federal privacy and security rules. On Aug. 11, 2022, the FTC published an advance notice of proposed...more
Following the U.S. Supreme Court's decision in Dobbs v. Jackson Women's Health Organization overruling Roe v. Wade, businesses and organizations that process personal data—including those outside the health or reproductive...more
Last week, the First Circuit issued a decision that could be destined for Supreme Court review, but that nonetheless will immediately impact the course of criminal defendants' Fourth Amendment rights, particularly concerning...more
On May 25, 2022, the European Commission announced the release of a new guidance document relating to standard contractual clauses (SCCs) and international data transfers. The guidance is included in a series of questions and...more
Update March 31, 2022: Utah Governor Spencer Cox signed the bill into law March 24, 2022.
With passage of the Utah Consumer Privacy Act (UCPA), Utah will become the fourth state to adopt omnibus consumer privacy...more
On March 16 and 17, 2022, the National Institute of Standards and Technology (NIST) released two documents as part of its effort to establish a voluntary framework for developing trustworthy and responsible artificial...more