When Colorado enacted the Colorado Privacy Act (CPA), it included “biometric data that may be processed for the purpose of uniquely identifying an individual.” However, the CPA as originally drafted did not cover the personal...more
In 2021, the Department of Labor (DOL) issued cybersecurity guidance for ERISA-covered retirement plans. The guidance expands the duties retirement plan fiduciaries have when selecting service providers. Specifically, the DOL...more
Last year the White House weighed in on the use of artificial intelligence (AI) in businesses. Since the executive order, several government entities including the Department of Labor have released guidance on the use of AI....more
Enacting what is perhaps the first comprehensive regulation of artificial intelligence (AI) at the state level in the United States, Colorado’s governor signed the Artificial Intelligence Act, Senate Bill (SB) 24-205, on May...more
5/21/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Colorado ,
Department of Labor (DOL) ,
Equal Employment Opportunity Commission (EEOC) ,
Healthcare ,
Lenders ,
New Regulations ,
Risk Management ,
Software Developers
As reported by CNN, a high school principal in Pikesville, Maryland, found his life and career turned upside down when in January a recording suggesting the principal made racially insensitive and antisemitic remarks went...more
On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule...more
“Cybersecurity” has emerged as one of top risks facing organizations. Considering the steady stream of massive data breaches affecting millions (sometimes billions), the debilitating effects of ransomware on an organization’s...more
4/11/2024
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Genetic Testing ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Ransomware ,
Tracking Systems
On April 4, 2024, Kentucky’s Governor signed House Bill 15, which establishes a consumer data privacy law for the state. The state joins New Hampshire and New Jersey in passing comprehensive consumer privacy laws in 2024....more
In what is being called the American Privacy Rights Act (Act), some are suggesting this could be the one! For many years, Congress has been unable to come together to craft a national privacy law. There have been several...more
A manager texting one of his drivers who covered the truck’s inward facing camera while stopping for lunch – “you can’t cover the camera it’s against company rules” – is not unlawful under the National Labor Relations Act...more
The California Privacy Protection Agency (CPPA) issued its first enforcement advisory concerning the California Consumer Privacy Act (CCPA). In Enforcement Advisory No. 2024-01, the CPPA tackles a foundational principle –...more
As organizations continue to take steps to prevent cyberattacks, a near-universal recommendation is that they should implement multi-factor authentication (MFA), and for good reason. Organizations subject to the updated FTC...more
On Wednesday, March 13, 2024, Members of European Parliament endorsed the Artificial Intelligence Act (“AI Act”), with 523 votes in favor, 46 against, and 49 abstentions. This is the world’s first comprehensive AI law and...more
The explosion of generative AI has spawned a wide range of personal and professional tools and applications. One noteworthy (no pun intended) example of those tools and applications is notetakers that can capture, transcribe,...more
On March 6, 2024, New Hampshire’s Governor signed Senate Bill 255, which establishes a consumer data privacy law for the state. The Granite State joins the myriad of state consumer data privacy laws. It is the second state in...more
3/7/2024
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Corporate Counsel ,
Data Controller ,
Data Privacy ,
Governor Sununu ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Personal Data ,
State Privacy Laws
On February 28, 2024, President Biden issued an Executive Order (EO) seeking to protect the sensitive personal data of Americans from potential exploitation by particular countries. The EO acknowledges that access to...more
3/6/2024
/ Artificial Intelligence ,
Cyber Crimes ,
Cybersecurity ,
Data Transfers ,
Department of Health and Human Services (HHS) ,
Department of Veterans Affairs ,
Executive Orders ,
Exploitation ,
National Security ,
Secretary of Defense ,
Sensitive Personal Information
On February 13, 2024, Nebraska’s Governor signed Legislative Bill 308, which enacts additional consumer protections for consumers in the state. It is similar to another genetic information law passed by Montana last year. ...more
In 2023, a California superior court halted enforcement of any final California Privacy Protection Agency regulation implemented until a period of 12 months from the date that individual regulations became final. Based on the...more
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more
1/29/2024
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Mining ,
Data Protection ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Subcontractors ,
Vendors
To celebrate Data Privacy Day (January 28), we present our top ten data privacy and cybersecurity predictions for 2024.
1. AI regulations to protect data privacy.
Automated decision-making tools, smart cameras, wearables,...more
1/29/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
Biometric Information Privacy Act ,
Class Action ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Online Safety for Children ,
Popular ,
Risk Assessment ,
Risk Management ,
State Privacy Laws ,
Web Tracking
On January 16, 2024, New Jersey’s Governor signed Senate Bill (SB) 332, which establishes a consumer data privacy law for the state. New Jersey becomes the 13th state to pass a consumer data consumer privacy law. The law...more
Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language...more
1/5/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Email ,
Employee Training ,
FBI ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multi-Factor Authentication ,
OCR ,
Phishing Scams ,
Popular ,
Risk Management
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular topics from 2023....more
12/21/2023
/ Artificial Intelligence ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
SHIELD Act ,
UK ,
Workplace Privacy
According to a New York Times story this weekend, the Security Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling...more
11/20/2023
/ Board of Directors ,
Boilerplate Language ,
Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Popular ,
Ransomware ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
SolarWinds
On October 30, 2023, President Biden issued an Executive Order regarding the Development and Use of Artificial Intelligence across the federal government. The Executive Order (EO) is intended to establish new standards for AI...more