2025 has all the ingredients for a critical year in privacy: new laws coupled with active regulators and legislators—both of whom are likely eager to get onto artificial intelligence (AI). As a companion piece to our 2024...more
With 2024 coming to an end, it is time to dust off the quill and ink to put together a recap on privacy and artificial intelligence (AI) developments....more
12/18/2024
/ Artificial Intelligence ,
Cookies ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement Priorities ,
Machine Learning ,
Personally Identifiable Information ,
Regulatory Agenda ,
Rulemaking Process ,
State Data Privacy Laws
The California Privacy Protection Agency (CPPA) is starting formal rulemaking (again) as they move beyond the pre-rulemaking drafts that were debated for a little over a year. During their November 8, 2024, board meeting, the...more
11/15/2024
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Office of Administrative Law Judges (OALJ) ,
Regulatory Agenda ,
Regulatory Requirements ,
Rulemaking Process ,
State Privacy Laws
Pennsylvania recently amended their data breach notification law in a way that turns the status quo on its head. The law, Senate Bill 824, adds an obligation to provide regulatory notice and tweaks the definition of personal...more
Pennsylvania's Amended Data Breach Law Upends Standard Framework -
Pennsylvania recently amended their data breach notification law in a way that turns the status quo on its head. The law, Senate Bill 824, adds an...more
Over the weekend, a bipartisan and bicameral group in Congress unveiled a privacy proposal—The American Privacy Rights Act of 2024 (APRA)—along with a brief summary. The APRA builds on existing privacy frameworks at the state...more
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced its first settlement agreement related to a ransomware attack. But it was not the ransomware that triggered OCR’s enforcement...more
On April 27th, Washington State’s governor signed the Washington State My Health My Data Act—a law the legislature nominally designed to increase healthcare privacy. But it does more than that. The law uses sweeping...more
Do you use Google Analytics? Do you tell consumers that you do not sell personal information? If you answered yes to both of those questions, then this alert is for you! The California attorney general recently took the...more
California’s legislature overwhelmingly passed (with veto-proof majorities) the California Age-Appropriate Design Code Act (AB 2273) to—at least in theory—regulate companies’ processing of children’s personal information. In...more
Let’s face it: CCPA compliance is not easy. And a recent study provides additional evidence for the commonsense conjecture that companies trying to just “follow the law” often do more or less than is required. In this alert,...more