On January 16, 2025, the Federal Trade Commission (FTC) issued a Final Rule updating the Children’s Online Privacy Protection (COPPA) Rule, significantly expanding compliance obligations for online services that collect, use,...more
The Department of Justice’s (DOJ) final rule implements President Biden’s Executive Order 14117 of February 28, 2024, on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data...more
2/24/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Due Diligence ,
Executive Orders ,
Final Rules ,
Food and Drug Administration (FDA) ,
Foreign Entities ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
National Security ,
NIST ,
Personal Data ,
Sensitive Personal Information
The Department of Justice’s (DOJ) final rule implements President Biden’s Executive Order 14117 of February 28, 2024, on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data...more
2/20/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Executive Orders ,
Final Rules ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
National Security ,
Regulatory Requirements ,
Sensitive Personal Information
On January 17, 2025, days before the inauguration, former President Joe Biden issued an executive order titled Strengthening and Promoting Innovation in the Nation's Cybersecurity (EO 14144). Building on previous efforts,...more
1/22/2025
/ Artificial Intelligence ,
China ,
Cybersecurity ,
Data Protection ,
Data Security ,
Executive Orders ,
Infrastructure ,
Internet of Things ,
National Security ,
Risk Management ,
Supply Chain
During the course of any lending transaction, lenders will conduct a due diligence review of the borrower, including reviewing any relevant “know-your-customer” information. In the context of a fund finance transaction, this...more
10/10/2024
/ Borrowers ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Due Diligence ,
EU ,
Financial Institutions ,
Firewalls ,
General Data Protection Regulation (GDPR) ,
Investors ,
Lenders ,
Multi-Factor Authentication ,
SaaS
On April 24, 2024, President Biden signed into law H.R. 815, a national security and foreign aid package which includes the “Protecting Americans’ Data from Foreign Adversaries Act of 2024” (“PADFA”). The Act establishes new...more
On April 4, 2024, Kentucky became the fifteenth state to enact a comprehensive data privacy law, with Governor Andy Beshear signing the Kentucky Consumer Data Protection Act (KCDPA) into law. The Kentucky law will go into...more
6/3/2024
/ Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-In ,
Popular ,
Right of Access ,
Sensitive Personal Information ,
State Data Privacy Laws
In September 2023, Delaware became the seventh state in 2023 to enact comprehensive privacy law with the Delaware Personal Data Privacy Act (DPDPA), joining Indiana, Iowa, Montana, Oregon, Tennessee and Texas. The DPDPA will...more
5/14/2024
/ Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
EU ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws
On January 16, 2024, New Jersey became the first state to enact a comprehensive data privacy law in the new year, with Gov. Phil Murphy (D-NJ) signing the New Jersey Privacy Act (NJPA) (SB 332) into law. The New Jersey law...more
2/14/2024
/ Confidential Information ,
Consent ,
Data Collection ,
Data Protection ,
Data Security ,
DPPA ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
New Jersey ,
Opt-In ,
Opt-Outs ,
Sensitive Personal Information ,
State Privacy Laws ,
Subcontractors
On February 1, 2024, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement with that would require Blackbaud Inc. (“Blackbaud”) to delete personal data it does not need to retain and upgrade...more
2/7/2024
/ Certifications ,
Cyber Attacks ,
Cyber Incident Reporting ,
Data Deletion ,
Data Management ,
Data Protection ,
Data Retention ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Ransomware ,
Settlement ,
Third-Party
On November 1, 2023, the New York Department of Financial Services (NYDFS) announced the adoption of amendments to its Cybersecurity Regulation 23 NYCRR Part 500 (“Amended Cybersecurity Rules” or “Amended Rules”). NYDFS...more
12/20/2023
/ Banks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
NYDFS ,
Popular ,
Ransomware ,
Regulatory Requirements ,
Risk Management
On May 11, 2023, Tennessee joined the rapidly growing ranks of U.S. states to enact a comprehensive data privacy law as Gov. Bill Lee (R-TN) signed the Tennessee Information Protection Act (TIPA) into law. Taking effect July...more
In a policy statement released on May 18, 2023, the Federal Trade Commission (FTC) warned of several consumer data privacy risks related to the increasing commercial use of biometrics technologies. The Commission unanimously...more
As state-level data protection legislation steadily expands, one of the country’s early comprehensive privacy laws to be enacted, the Connecticut Data Privacy Act (CTDPA), will take effect on July 1, 2023. The CTDPA imposes...more
On May 25, 2023, the New York Department of Financial Services (NYDFS) announced that OneMain Financial Group (OneMain) will pay a $4.25 million fine pursuant to a consent order to settle alleged violations of NYDFS’s...more
On May 4, 2023, an Idaho federal judge ruled that the Federal Trade Commission (FTC) needs stronger assertions of consumer harm in order for its data privacy suit against data broker/mobile analytics provider Kochava Inc....more
The U.S. Department of Health and Human Services (HHS) continues to play a central role in helping health care organizations defend against cybersecurity threats, issuing cybersecurity briefs and a new cybersecurity framework...more
On March 15, 2023, the Colorado Attorney General (AG) finalized its set of regulations implementing the Colorado Privacy Act (CPA) – the Colorado Privacy Act Rules (“Colorado Rules”). The Colorado Rules clarify and expand...more
On April 19, 2023, the New York Attorney General (AG) published “Protecting Consumer’s Personal Information: Tips for Businesses to Keep Data Safe and Secure,” outlining data security best practices based on the AG’s...more
On March 30, 2023, the California Privacy Protection Agency (CPPA) announced that the California Office of Administrative Law (OAL) has approved the CPPA’s regulations and filed them with the Secretary of State, completing...more
On March 15, 2023, the U.S. Securities and Exchange Commission (SEC) voted to propose three measures to protect customer information and hold covered institutions accountable for cyberattacks....more