As regulators worldwide continue to scrutinize the impact of AI on industries within their respective purviews, two key global agencies issued guidance in October 2024 that highlighted AI-based cybersecurity risks and best...more
10/30/2024
/ Artificial Intelligence ,
Banking Sector ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Financial Institutions ,
Financial Services Industry ,
Machine Learning ,
NYDFS ,
Risk Assessment ,
Risk Management
Late today the White House issued its Executive Order significantly enhancing the protection of Americans' bulk sensitive personal data from access by countries deemed as threats. It establishes a comprehensive framework to...more
On December 8, 2023, the EU announced that Parliament and Council negotiators “had reached a provisional agreement on the Artificial Intelligence Act.” Negotiators had been under pressure to resolve differences to maintain...more
Last week, the Securities and Exchange Commission (the “SEC”) proposed amendments to Regulation S-P (the “Proposal”) that would require registered investment advisers (“RIAs”), broker-dealers (“BDs”), investment companies...more
One internet search of the CCPA or the CPA reveals a plethora of articles outlining standard data protection requirements under those laws, from privacy notice requirements to new mandatory contractual provisions. But the...more
While there is no comprehensive, federal United States law governing privacy, there are several major state laws that are currently in place. To help our clients assess their compliance posture, we have published a quick,...more
3/16/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws
In January of 2022, we recommended adding “updating privacy contracts” to your list of New Year’s resolutions. With 2023 around the corner and a number of new privacy laws and regulations going into effect, we have another...more
12/16/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
State Privacy Laws
In our second installment of what privacy professionals should know before they start the summer, we provide you with highlights from the draft regulations from the California Privacy Protection Agency (“CPPA”) and...more
It’s been a blazing hot summer and privacy professionals have been sweating to keep up with all of the updates from the last few months. We all knew this was going to be a busy year with updating European data transfer...more
Connecticut’s new privacy law, an Act Concerning Personal Data Privacy and Online Monitoring, also known as the Connecticut Data Privacy Act (“CTDPA”), generally continues the pattern of non-California states enacting...more
State legislative activity kicked off with a frenetic pace in 2022 and it seemed that there would be a number of new comprehensive privacy laws this year. Surprisingly to some, many of those efforts in other states fizzled...more
Everybody is talking at you about ransomware, but you do not need to hear most of what they are saying, because they are talking about something they have not seen hundreds of times, so they have not been following the rapid...more
Although the California Consumer Privacy Act (“CCPA”) has been in effect since January 1, 2020 and subject to enforcement since July 1, 2020, it seemed until recently that compliance had been somewhat spotty. Well, it’s time...more
Most privacy eyes are currently focused on the new EU Model Clauses and forthcoming U.S. state laws that take effect in 2023. As the summer heats up, however, compliance professionals should look to the western U.S. states of...more
While all businesses have been grappling with cybersecurity challenges for years, cybersecurity has recently come into focus for retirement plans, health and welfare plans and other ERISA plans due to a new Department of...more
On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act (“CPRA”).
The provision’s timeline is important to consider. The law would become effective on January 1, 2023 with enforcement...more
11/18/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws ,
Private Right of Action
Efforts to Delay the LGPD Fail -
As noted by our firm earlier this spring, Brazilian authorities have considered delaying the General Personal Data Protection Law’s (“Lei Geral de Proteção de Dados” or “LGPD”) effective...more
Any organization that relies on certification under the EU-U.S. Privacy Shield framework and/or entering into the Standard Contractual Clauses (“SCCs” or “Model Clauses”) to effectuate personal data transfers from the...more
7/22/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
A recent federal district court decision underscores the importance of structuring breach investigations with the attorney work-product doctrine in mind. In In re Capital One Consumer Data Sec. Breach Litig., 2020 WL 3470261...more
With slightly less than one month before the July 1, 2020 enforcement date of the California Consumer Privacy Act (“CCPA”), California’s Attorney General announced on June 2, 2020 that he had submitted the proposed final...more
It’s us again, back with more operationally-focused pointers on the California Consumer Privacy Act (“CCPA”) now that the music has stopped once more and everybody is looking for a place to sit. On Friday February 7th, the...more
Amanda Witt represented the U.S. on an extraordinary panel in Dublin yesterday in which the participants – leaders in data protection from both sides of the Atlantic – learned from one another and from their national...more
When the smoke cleared from California’s privacy legislative battles that ended on September 13th, many were surprised to see another large alien life form snorting alongside the CCPA. AB 1202 requires the registration of...more
9/17/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Security ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Registration Requirement
The privacy world has been abuzz about a great post on Brookings’ TechTank blog by Cameron Kerry and John Morris, Why data ownership is the wrong approach to protecting privacy. Poor Richard was impressed with its...more
Don’t worry about the new Nevada privacy law, SB 220 signed by the Governor last month, unless you’re selling personal information to a data broker, said no law firm whatsoever in its legal alert. At best they bury the lead,...more