General Background -
On May 17, 2024, Governor Jared Polis of Colorado enacted the Colorado Artificial Intelligence (AI) Act (CAIA), marking a significant milestone as what its sponsor calls a “chassis,” an initial...more
Late today the White House issued its Executive Order significantly enhancing the protection of Americans' bulk sensitive personal data from access by countries deemed as threats. It establishes a comprehensive framework to...more
On December 8, 2023, the EU announced that Parliament and Council negotiators “had reached a provisional agreement on the Artificial Intelligence Act.” Negotiators had been under pressure to resolve differences to maintain...more
Generative artificial intelligence (“GenAI”) and GenAI tools like ChatGPT have a significant opportunity to revolutionize how many organizations do business. GenAI tools allow users to brainstorm ideas, quickly generate...more
Background: The pandemic era ushered in exponential growth in the use of remote capabilities for all areas of life, with one of the most critical being the rise in telemedicine. Along with that expansion came an explosion in...more
Last week, the Securities and Exchange Commission (the “SEC”) proposed amendments to Regulation S-P (the “Proposal”) that would require registered investment advisers (“RIAs”), broker-dealers (“BDs”), investment companies...more
One internet search of the CCPA or the CPA reveals a plethora of articles outlining standard data protection requirements under those laws, from privacy notice requirements to new mandatory contractual provisions. But the...more
While there is no comprehensive, federal United States law governing privacy, there are several major state laws that are currently in place. To help our clients assess their compliance posture, we have published a quick,...more
3/16/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws
In January of 2022, we recommended adding “updating privacy contracts” to your list of New Year’s resolutions. With 2023 around the corner and a number of new privacy laws and regulations going into effect, we have another...more
12/16/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
State Privacy Laws
In our second installment of what privacy professionals should know before they start the summer, we provide you with highlights from the draft regulations from the California Privacy Protection Agency (“CPPA”) and...more
It’s been a blazing hot summer and privacy professionals have been sweating to keep up with all of the updates from the last few months. We all knew this was going to be a busy year with updating European data transfer...more
Connecticut’s new privacy law, an Act Concerning Personal Data Privacy and Online Monitoring, also known as the Connecticut Data Privacy Act (“CTDPA”), generally continues the pattern of non-California states enacting...more
State legislative activity kicked off with a frenetic pace in 2022 and it seemed that there would be a number of new comprehensive privacy laws this year. Surprisingly to some, many of those efforts in other states fizzled...more
Everybody is talking at you about ransomware, but you do not need to hear most of what they are saying, because they are talking about something they have not seen hundreds of times, so they have not been following the rapid...more
Although the California Consumer Privacy Act (“CCPA”) has been in effect since January 1, 2020 and subject to enforcement since July 1, 2020, it seemed until recently that compliance had been somewhat spotty. Well, it’s time...more
Most privacy eyes are currently focused on the new EU Model Clauses and forthcoming U.S. state laws that take effect in 2023. As the summer heats up, however, compliance professionals should look to the western U.S. states of...more
While all businesses have been grappling with cybersecurity challenges for years, cybersecurity has recently come into focus for retirement plans, health and welfare plans and other ERISA plans due to a new Department of...more
Virginia knocked off California’s crown as the only U.S. state to have a comprehensive, general consumer privacy law when Governor Ralph Northam signed the Virginia Consumer Data Protection Act (“CDPA”) into law on March 2,...more
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (“CPRA”).
The provision’s timeline is important to consider. The law would become effective on January 1, 2023 with enforcement...more
11/18/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws ,
Private Right of Action
On Tuesday September 29, 2020, the California Governor signed AB 1281, which extends the CCPA’s personnel and “business communications” exceptions’ effective period for one additional year. Those exceptions were set to sunset...more
Efforts to Delay the LGPD Fail -
As noted by our firm earlier this spring, Brazilian authorities have considered delaying the General Personal Data Protection Law’s (“Lei Geral de Proteção de Dados” or “LGPD”) effective...more
With uncertainty surrounding efforts in the Senate to enact broad COVID-19-related immunity for all schools, colleges, charities and businesses in the Phase 4 Coronavirus relief act, the “HEALS Act,” organizations still need...more
A significant challenge for reopening the economy and returning to “normalcy” during the COVID-19 pandemic is addressing whether, when, and how schools and colleges will open this fall. As with the initial shelter-in-place...more
7/28/2020
/ Americans with Disabilities Act (ADA) ,
Coronavirus/COVID-19 ,
Distance Learning ,
Educational Institutions ,
Equal Employment Opportunity Commission (EEOC) ,
Families First Coronavirus Response Act (FFCRA) ,
Infectious Diseases ,
Public Health ,
School Closures ,
School Districts ,
State and Local Government
Any organization that relies on certification under the EU-U.S. Privacy Shield framework and/or entering into the Standard Contractual Clauses (“SCCs” or “Model Clauses”) to effectuate personal data transfers from the...more
7/22/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
A recent federal district court decision underscores the importance of structuring breach investigations with the attorney work-product doctrine in mind. In In re Capital One Consumer Data Sec. Breach Litig., 2020 WL 3470261...more